By Chijioke Nelson and Terhemba Daka
Effective August 1, 2018, all deposit money banks and payment service providers shall report all cyber incidents, whether the attempt was successful or not and immediately.
A draft document on the Risk-Based Cybersecurity Framework and Guidelines for input from stakeholders by the Central Bank of Nigeria (CBN) has mandated banks to incorporate cyber risk management with their institution-wide risk management framework and governance requirements, to ensure consistent management of risks across the institution.
The mandate to report the incidents is coming on the heels of observed under-disclosure and outright non-disclosure of some fraudulent incidents by industry operators.
The development is also an indication that the sector is inching closer to ending the era of unnecessary excuses for withholding important information about system failures, insider-related hacking and frauds that have caused customers and banks billions of naira.
The document also noted that effective risk management reduces adverse impact on an organisation by addressing threats, mitigating exposure, and reducing vulnerability.
As usual, the apex bank…