CBK moves to revise 2017 cyber rules as fraudsters exploit new technology
This move comes amid rising concerns over the use of artificial intelligence, cloud computing, and the surge in mobile money fraud, which have exposed gaps in the current regulatory framework.
The Central Bank of Kenya (CBK) has called on commercial banks to increase their spending on cybersecurity as it updates the 2017 guidelines to address new and evolving digital threats.
This move comes amid rising concerns over the use of artificial intelligence, cloud computing, and the surge in mobile money fraud, which have exposed gaps in the current regulatory framework.
More To Read
- Kenya Kwanza adds Sh3 trillion to national debt in three years, CBK reveals
- CBK warns of rising debt distress, urges fiscal coordination
- Is it safe to keep your laptop plugged in all the time?
- Kenya calls for united African front against rising cyberthreats as regional forum opens in Nairobi
- X introduces transparency tool to curb bots and impersonation
- Technology of freedom, risk of violence: Digital divide facing women in post-war Tigray
CBK’s recent survey of 37 commercial banks and one mortgage institution reveals that while most lenders allocate between Sh2.5 million and Sh600 million annually for cybersecurity, some still do not have dedicated budgets and instead fund security efforts only when issues arise.
The regulator noted that existing budgets are often focused on licensing costs rather than fully addressing the growing complexity of cyber risks.
“As cyber threats evolve in scale and sophistication, updated guidance from central banks plays a critical role in safeguarding the stability, trust, and integrity of the financial system,” the CBK said in its survey report.
The regulator stressed that although the 2017 framework improved cyber defenses, the rapid changes in technology and threat patterns have outpaced its scope.
The updated guidance is expected to encourage banks to move away from heavy reliance on manual monitoring tools, which a third of surveyed banks still use, toward automated threat detection and response systems.
This shift is crucial as real-time cyber threats grow more advanced and harder to detect.
Banks have also urged CBK to include new areas such as artificial intelligence, machine learning, API security, and cloud computing in the revised rules.
Other important issues they want covered include cyber risk insurance, enhanced measures to combat mobile money fraud, stronger data privacy controls, and frameworks for sharing threat intelligence anonymously among financial institutions.
Mobile money platforms, which dominate Kenya’s financial transactions, have become a frequent target for fraudsters.
Banking leaders argue that updating regulatory guidelines to address these emerging challenges will improve overall security and protect customers better.
As Kenya’s financial sector continues to digitise rapidly, the Central Bank’s push for increased cybersecurity investment and updated regulations aims to strengthen resilience against growing cyber threats and safeguard the integrity of the banking system.
Top Stories Today
