CBN directs banks to protect customers’ data from fraudsters

Bank directors will henceforth be responsible for the protection and security of customers’ data against e-fraudsters, the Central Bank of Nigeria (CBN) has directed.
The new rule follows the growing sophistication of, and jump in the number of, cyber-security threats against Deposit Money Banks (DMBs) and Payment Service Providers (PSPs), which must strengthen their cyber defences to remain safe and sound.
Nigeria experienced over 4,000 cyber-attacks with a 70 per cent success rate and a loss of about $500 million in recent years, mainly through cross-channel fraud, data theft, email spoofing, phishing, shoulder surfing and underground websites.
In a circular released yesterday titled: Risk-based Cyber-security Framework for Deposit Money Banks, signed by K.O Balogun for CBN Director of Banking Supervision, the regulator said responsibility for providing oversight, leadership and resources to ensure that cyber-security governance becomes an integral part of corporate governance rests with the Board of Directors.
“The Board of Directors through its committees will now have overall responsibility for the DMB/PSP’s cyber-security programme. It will provide leadership and direction for effective conduct of the processes. The Board will ensure that cyber-security governance is integrated into the organisational structure and relevant processes,” it said.
Also, the board will ensure that cyber-security processes are conducted in line with business requirements, applicable laws and regulations while ensuring security expectations are defined and met across the DMB/PSP.
The Board will now hold Senior Management responsible for central oversight, assignment of responsibility, effectiveness of the cyber-security processes and shall ensure that the audit function is independent, effective and comprehensive.
Besides, the board will be responsible for all cyber-security governance documents such as cyber-security strategy, framework and policies and ensure alignment with the overall business goals and objectives.
Also, the board will, on a quarterly basis, receive and review reports submitted by Senior Management. The report shall detail the overall status of the cyber-security programme to ensure that board-approved risk thresholds relating to cyber-security are being adhered to.
The CBN also directed the boards to henceforth ensure that cyber-security is completely integrated with business functions and well managed across the DMB/PSP.
Cyber-security governance should not only align with corporate and Information Technology (IT) governance, but also be cyber-threat intelligence driven, proactive, resilient and communicated to all internal and external stakeholders.
Boards are also mandated to appoint or designate a qualified individual as the Chief Information Security Officer (CISO) who shall be responsible for overseeing and implementing its cyber-security programme.
“The responsibilities of senior management include the implementation of the board-approved cyber security policies, standards and the delineation of cyber-security responsibilities. Senior management will provide periodic reports (at a minimum quarterly) to the board on the overall status of the cyber-security programme of the DMB/PSP. The Chief Information Security Officer (CISO) is responsible for the day-to-day cyber security activities and the mitigation of cyber-security risks in the DMB/PSP,” the apex bank said.
