CBN to Develop Risk-based Cyber Security Framework for Banks

    • Partners US Fed Reserve, South Africa Central Bank, JP Morgan

    Ndubuisi Francis in Abuja

    The Central Bank of Nigeria (CBN) is developing a risk-based cyber security framework for deposit money banks (DMBs) and payment service in partnership with stakeholders in the financial industry.

    Statistics put the cost of cyber-crime globally at $700 billion annually, a figure projected to rise to about $2 trillion by 2019, due to the rapid digitisation of consumer lives and company records.

    In the case of Nigeria, about N198 billion is said to be lost to the ever-increasing cases of cyber crimes per annum usually perpetrated through the financial system.

    The Deputy Governor, Financial System Stability (FSS), CBN, Mrs. Aishat Ahmad, who spoke in Abuja, Tuesday at the 2018 CBN-JP Morgan Chase Cyber Security Conference, said the CBN was committed to strengthening the regulatory and supervisory framework for cyber risk and encouraging realistic vulnerability testing and contingency planning for regulated institutions.

    Ahmad, who represented the CBN Governor, Mr. Godwin Emefiele, at the conference, which dwelt on “building cyber resilience,” stated that in partnership with stakeholders “in the financial industry we are developing a Risk Based Cyber Security Framework for deposit money banks and payment service providers and internally, we have relied on instruments of automation, artificial”.

    According to her, new conveniences of modern technology have ushered in complex security challenges and cybercrime.

    “These range from identity and intellectual property theft, phishing, email spamming, virus dissemination, to sophisticated hacking and theft by digital crime syndicates.

    “These developments have led to a significant rise in the global cost of cybercrime,” Ahmad said.

    A recent study by the International Monetary Fund (IMF), she added, estimated global annual losses from cyber-attacks at close to nine per cent of banks’ net income or around $100 billion.

    “And in a severe scenario, where the frequency of attacks are twice as high as currently experienced and with greater contagion, losses could be as high as $350 billion,” the CBN deputy governor said.

    She noted that there was no gain saying the fact that automation and technological innovations over the past decade had impacted almost every facet of human endeavour.

    Technology, she added, had transformed the learning, communication, service delivery as well as the way financial transactions are conducted.

    “Also, continuing innovations such as robotics, artificial intelligence and block chains have potential for further disruption,” she observed

    Stressing that new conveniences of modern technology had ushered in complex security challenges and cybercrime, she noted that these range from identity and intellectual property theft, phishing, email spamming, virus dissemination, to sophisticated hacking and theft by digital crime syndicates.

    “These developments have led to a significant rise in the global cost of cybercrime. McAfee and the Center for Strategic and International studies estimate this at over $600 billion in 2017, more than 20 per cent higher than in 2014.

    “While a variety of organisations are exposed to cybercrime, the financial sector is particularly vulnerable given its crucial role of financial intermediation in a highly connected global financial system,” the CBN chief said.

    The increasing cost, velocity and diversity of cyber-attacks, she explained, have helped to elevate conversations about building robust defence systems to the forefront.

    Ahmad recalled that early this year, the World Economic Forum proposed the creation of the Global Centre for Cyber security in Geneva as a platform for global players to collaborate on cyber risks, whilst the Department of Homeland Security at the end of July just concluded a cyber-security national summit.

    She thanked JP Morgan Chase for their commitment and willingness to share their experiences.

    The Director, Information Technology Department CBN, Mr. John Ayo, said while he had no actual figures on financial losses associated with cyber crimes, Nigerians faced a huge risk that we face.

    He said: “Also looking at the demographics of Nigeria, we have a youth population that is information technology-savvy. You need to ensure that you have the right resilient system to ensure that any attack can be detected quickly and you respond appropriately. But in terms of the numbers, I don’t have any authoritative figures.”

    On measures put in place by the bank to check cyber crimes, he said: “Internally, in the CBN, what we have done is to look at this problem holistically and figure out the best steps to take.

    “We have spoken to the Reserve Bank in the United States of America Federal Reserve as well as the South Africa central bank to learn from their experiences, and understand what they are doing.

    “Most importantly, there is a cyber security capability model that tells you where you are and what the gaps are. So, we try to benchmark ourselves with the best in cyber security.

    “So, all the gaps we have are the ones we are addressing. Our plan is that by the end of 2018, we would have substantially addressed those gaps. We are building capability internally so that we are not only able to detect when something goes wrong.”