Africa’s financial sector must take five vital steps to shore up governance and maintain stakeholder trust as financial institutions have become prime targets for cyber criminals, according to AFIS.
By Franck Kie, Clement Combary, Ali El Azzouzi & Nvalaye Kourouma
A report by cyber security firm DataProtect highlights that at least 85% of financial institutions have already fallen victim to cyber-attacks. The 2022 African Financial Industry Barometer by consultancy firm Deloitte has shown that cybercrime is the number one fear of bankers.
Exposed to the risk of financial loss, credibility with their stakeholders and sanctions from the regulatory authorities, financial institutions now have no choice but to arm themselves against cybercrime.
Cybersecurity must be at the heart of the strategic agenda. Following a work done by AFIS, the leading platform for African Financial Industry Leaders, we have identified five priorities to achieve a secure African financial services sector.
- CREATE DEDICATED CYBER SECURITY DEPARTMENTS
Given the scale of cyber threats, African financial institutions need to invest heavily in protecting their sensitive data to ensure stakeholder confidence. To do this, they should create dedicated cyber security departments structured into specialised sections.
It is also important that FIs recruit Information Systems Security Managers (ISSMs) responsible for IT security and Information Systems Directors (ISDs) who will actively work on incident prevention, detection and response.
- STRENGTHEN THE CYBER SKILLS OF ALL STAFF
Raising staff awareness of how to identify and anticipate cyber threats is an obligation for African financial institutions. Cyber security issues are still unclear to many employees and there is a lack of local expertise in the field. Therefore, financial institutions should encourage continuous training in this area by partnering with leading companies in the field and regularly assess the maturity of their staff on cyber issues.
- A REGULATORY FRAMEWORK TAILORED TO FINANCIAL INSTITUTIONS
Governments should encourage the cybersecurity efforts of African financial institutions by building a regulatory framework that specifically addresses the cybersecurity issues of African financial institutions. They could develop policies that support annual penetration testing and procedures for vulnerability management to assess that cybersecurity risks are appropriately managed.
- WORK TOGETHER TO EDUCATE CIVIL SOCIETY
It is essential to invest in human capital in cybersecurity. People today need to take ownership of digital tools without fear of threats. Financial institutions and governments must act together to create cybersecurity education spaces because the risks are global. Stakeholders should develop and constantly reassess best practices in the face of cyber risks.
- NEVER MINIMISE THE RISKS
Finally, despite all the prevention and detection measures, it is imperative never to minimise cyber risks. Technologies are rapidly evolving, becoming more complex and multiplying and our current processes may fail tomorrow. In the future, financial institutions will have to be even more digital than they are today. It is therefore crucial to anticipate risks and institutions must constantly monitor the sector to learn about new types of threats. The financial industry must be prepared to innovate constantly.
- Mr Franck Kie, Founder & Managing Partner, Ciberobs Consulting & Cyber Africa Forum
- Mr Clement Combary, Group Head of IT & Digital Transformation – Coris Holding SA
- Mr Nvalaye Kourouma, Group Chief Digital Officer, Ecobank
- Mr Ali El Azzouzi, Founder & CEO, Dataprotect