CBK launches new cybersecurity centre to combat rising financial sector threats

CBK said the centre will provide critical services including cyber threat intelligence, incident response, digital forensics and cyber investigations.
Following rising concerns over cyber threats targeting financial institutions, the Central Bank of Kenya has launched a Banking Sector Cybersecurity Operations Centre (BS-SOC) to enhance the sector’s resilience.
In a statement on Monday, CBK said the centre will provide critical services including cyber threat intelligence, incident response, digital forensics and cyber investigations.
The BS-SOC is part of the implementation of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024 and forms a strategic initiative under the CBK Strategic Plan 2024-2027. The centre operates under CBK’s Cyber Fusion Unit.
The bank also said it has begun aligning and harmonising the Commercial Banks Cybersecurity Guidelines 2017 and the Payment Service Providers Cybersecurity Guidelines 2019 with the 2024 regulations.
“Meanwhile, all regulated institutions must continue to comply with both sets of requirements simultaneously and are mandated to report cybersecurity incidents to the BS-SOC within stipulated timelines under the CMCA Regulations,” the bank said.
CBK emphasised that the success of the initiative relies on the cooperation of all stakeholders.
“This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors,” the bank added.
The launch comes as cybercrime attacks targeting Kenyan institutions more than doubled in the year ended June 2025, reflecting increased aggressiveness by threat actors amid the rapid digitisation of public and private workflows.
Data from the Communications Authority of Kenya (CA) shows the number of detected threats rose by 146 per cent to 8.6 billion, up from 3.5 billion the previous year.
The highest number of threats was recorded between April and June 2025, with 4.6 billion incidents detected—far exceeding the 2.5 billion recorded from January to March.
“The sharp rise in detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks and machine learning technologies by malicious actors,” reads the CA report.
System attacks were the most prevalent type, accounting for 4.5 billion incidents, as criminals targeted critical systems in sectors such as ICT.
“The majority of attacks targeted the ICT sector, with a focus on operating systems and database servers managed by internet service providers and cloud service providers. Threat actors primarily exploited outdated system vulnerabilities and exfiltrated user login credentials,” reads the report.
Other common threats included distributed denial of service (DDoS) attacks, assaults on web and mobile applications, brute force attempts and malware attacks.