CBN Directs Financial Institutions To Comply With Deadline On Cyber Security Framework

01 Jul CBN Directs Financial Institutions To Comply With Deadline On Cyber Security Framework

The Central Bank of Nigeria (CBN) has directed all banks in the country to fully comply with the deadline of December 1, 2023, on Cyber Security Framework.

The apex bank said the directive became imperative for the financial institutions to strengthen their cyber defences if they were to remain safe and sound.

In the circular dated June 29, 2022, and signed by the CBN Director, Other Financial Institutions (OFIs) Department, Nkiru Asiegbu and addressed to all Other Financial Institutions under the regulation of the banking sector regulator, the apex bank urged all concerned to comply.

It said the need for full compliance with the framework has become compelling following recent increases in the number and sophistication of cybersecurity threats against financial institutions.

The guidelines aim, among other things, to create a safer and more secure cyber environment that supports information system security and promotes stability of the OFI sub-sector.

Also, it seeks to promote and maintain public trust and confidence in the sub-sector as well as contribute towards the prevention and combating of cybercrime in the OFI sub-sector.

The framework provides a risk-based approach to managing cybersecurity risk and consists of six parts including Cybersecurity Governance, and Oversight, Cybersecurity Risk Management System, Cyber Resilience Assessment, Cybersecurity Operational Resilience, Cyber-Threat Intelligence and Metrics, Monitoring and Reporting.

The CBN stressed that the guidelines represent the minimum requirements to be put in place by all OFIs.

According to the apex bank, the safety and soundness of OFIs require they operate in a safe and secure environment, hence the platform on which information is processed and transmitted should be managed in a way that ensures confidentiality, integrity and availability of information, as well as the avoidance of financial loss and reputation risks among others.

The CBN reasoned that since financial institutions rely on information and communications technology (ICT) to operate their business, and considering the rising incidences of cyber threats and attacks targeted at financial institutions, it was imperative to implement cybersecurity measures to mitigate those risks.

It noted that threats including ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) had become prevalent, requiring financial institutions to boost cyber resilience, as well as take proactive steps to secure their critical information assets to ensure their safety and soundness.

The circular further stipulates the board of directors’ roles in relation to cybersecurity as well as the appointment and responsibilities of the Chief Information Security Officer (CISO) in tackling the increasing cases of cybersecurity, among others.