Citing what it described as the “recent increase in the number and sophistication of cyber-security threats and attacks against Other Financial Institutions (OFIs),” as well as the need for the institutions to bolster their cyber resilience, the Central Bank of Nigeria (CBN), yesterday, released an exposere draft of riskbased cybersecurity framework and guidelines for the sub-sector. Specifically, CBN stated that “in recent times, threats such as ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) have become prevalent, demanding that financial institutions, including OFIs, strengthen their cyber resilience and take proactive steps to secure their critical information assets to ensure their safety and soundness.”

OFIs include microfinance banks (MFBs), primary mortgage banks (PMBs), finance companies and development finance institutions (DFIs). According to the apex bank, the draft framework and guidelines, which stipulate minimum requirements for enhancing cybersecurity, are aimed at ensuring that OFIs remain safe and sound.

CBN advised OFIs to note that for a cybersecurity programme to be successful, it must be fully integrated into their business goals and objectives and must also be an integral part of the overall risk management process. The CBN framework comprises six parts: Cybersecurity governance and oversight; Cybersecurity risk management system; Cyber resilience assessment; Cybersecurity operational resilience; Cyber threat intelligence and Metrics, monitoring and reporting.

