Financial institutions

Key Takeaways from the New CBN Cybersecurity Guidelines for Other Financial Institutions (OFIs) in Nigeria

OFIs, which are essentially third-party financial service providers, are particularly susceptible to these cybersecurity threats. And this is due to the fact that they mainly rely on Information and Communication Technology (ICT) to conduct their daily business activities.

Some examples of threats that Nigerian OFIs currently face include ransomware attacks, spear phishing, and advanced persistent threats.

Given these threats, the apex bank said that the new cybersecurity framework will now serve as cybersecurity measures that must be put in place by OFIs. He also pointed out that the deadline for fully complying with the guidelines was January 1, 2023.

“Accordingly, the Central Bank of Nigeria (CBN) hereby publishes the attached Risk-Based Cybersecurity Framework and Guidelines for AIFs, which represent the minimum requirements to be put in place by all AIFs. The date of entry into force for full compliance with the provisions of the Directive is 1 January 2023 and all AIFs must comply with it no later than this date”, said part of the CBN letter, seen by Business Insider Africa.

The CBN further noted that the main objectives of the framework are:

  • Create a safer and more secure cyber environment that will support information system security and ultimately ensure the stability of AIFs.
  • Contribute to combating/preventing cybercrime in the OFI sector.
  • Promote the adoption of best practices and appropriate cybersecurity standards by OFIs.
  • Promote and maintain public confidence in OFIs.
  • Promote a culture of cybersecurity and ongoing awareness.