Business & Finance

CBN Orders Banks’ Directors To Protect Data

The new rule followed the sophistication and jump in the number of cyber-security threats against Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) which require strengthening their cyber defences to remain safe and sound.

Bank directors will henceforth be responsible for the protection and security of customers’ data against e-fradusters, the Central Bank of Nigeria (CBN) has directed.

Nigeria experienced over 4,000 cyber-attacks with 70 per cent success rate and loss of about $500 million in recent years mainly through cross channel fraud, data theft, email spooling, phishing, shoulder surfing and underground websites.

In a circular released yesterday titled: Risk-based Cyber-security Framework for Deposit Money Banks, signed by K.O Balogun for CBN Director of Banking Supervision, the regulator said provision of oversight and leadership and resources to ensure that cyber-security governance becomes an integral part of corporate governance, rests with the Board of Directors.

“The Board of Directors through its committees will now have overall responsibility for the DMB/PSP’s cyber-security programme. It will provide leadership and direction for effective conduct of the   processes.   The   Board will ensure   that   cyber-security governance is integrated into the organisational structure and relevant processes,” it said.

Also, the board will ensure that  cyber-security  processes  are conducted  in  line  with business   requirements, applicable   laws   and   regulations while   ensuring security expectations are defined and met across the DMB/PSP.

The Board will now hold Senior    Management    responsible    for    central    oversight,    assignment    of responsibility, effectiveness  of  the  cyber-security processes  and shall ensure  that the audit function is independent, effective and comprehensive.

Besides, the board  will  be  responsible  for  all  cyber-security  governance  documents  such  as cyber-security strategy, framework and policies and ensure alignment with the overall business goals and objectives.

Also, the board will, on a quarterly basis receive and review reports submitted by Senior Management. The report shall detail the overall status of the cyber-security programme to  ensure  that  board- approved  risk  thresholds  relating  to  cyber-security  are being adhered to.

The CBN also directed the boards to henceforth ensure that cyber-security is completely integrated with business functions and, well managed across the DMB/PSP.

Cyber-security governance should not only aligns with corporate and Information Technology (IT) governance, but is cyber-threat intelligence driven, proactive, resilient and communicated to all internal and external stakeholders.

Boards are also mandated to appoint or designate a qualified individual as the Chief Information Security Officer (CISO) who shall be responsible for overseeing and implementing its cyber-security programme.

“The responsibilities of senior management include the implementation of  the  board-approved   cyber-security   policies,   standards   and   the   delineation   of   cyber-security responsibilities. Senior management will  provide periodic reports (at  a  minimum  quarterly);  to  the board on the overall status of the cyber-security programme of the DMB/PSP. The Chief Information Security Officer (CISO) are responsible  for the day-to-day  cyber security  activities  and  the mitigation of cyber-security risks in the DMB/PSP,” the apex bank said

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *