CBN Orders Banks to Officially Report Cyber Incidents from August 2018

Effective from Wednesday, August 1, 2018, Nigeria’s Apex Bank, the Central Bank has mandated all banks and service payment providers to officially report cyber incidents, whether successful or not.

Despite the reluctance of banks to make these cases public, Nigeria has had about 4,000 cyber attacks with a 70% success rate resulting in a loss of about $500 million. This reluctance by banks could be largely attributed to the impact it will have on their brand and operations. However, if it’s anything to go by, it’s an indicator of the privacy that surrounds cyber incidents in the Nigerian banking sector.

In 2017, the Central Bank of Nigeria’s Director of Banking and Payment Systems Department, Dipo Fatokun said:

From the reports we have read, no Nigerian bank has reported having been hacked. One thing about hacking is that if a bank is hacked, it could disrupt its services to customers, depending on the type of hacking that was done. If it was a denial of services, definitely the customers’ services would have been disrupted”.

The CBN order will address the issue of under disclosure and non-disclosure of cybercrimes which has become a norm in the industry. All banks are to appoint a Chief Information Security Officer (CISO) who will be in charge of overseeing and implementing cybersecurity programmes. The sharing of cybercrime information will aid develop a superior defence against such crimes.