Business
Bank directors responsible for protection of customers’ data – CBN
Bank directors will henceforth be responsible for the protection and security of customers’ data against e-fradusters, the Central Bank of Nigeria (CBN) has directed.
The new rule followed the sophistication and jump in the number of cyber-security threats against Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) which require strengthening their cyber defences to remain safe and sound.
Nigeria experienced over 4,000 cyber-attacks with 70 per cent success rate and loss of about $500 million in recent years mainly through cross channel fraud, data theft, email spooling, phishing, shoulder surfing and underground websites.
In a circular released on Wednesday titled: Risk-based Cyber-security Framework for Deposit Money Banks, signed by K.O Balogun for CBN Director of Banking Supervision, the regulator said provision of oversight and leadership and resources to ensure that cyber-security governance becomes an integral part of corporate governance, rests with the Board of Directors.
“The Board of Directors through its committees will now have overall responsibility for the DMB/PSP’s cyber-security programme. It will provide leadership and direction for effective conduct of the processes. The Board will ensure that cyber-security governance is integrated into the organisational structure and relevant processes,” it said.
Also, the board will ensure that cyber-security processes are conducted in line with business requirements, applicable laws and regulations while ensuring security expectations are defined and met across the DMB/PSP.
The Board will now hold Senior Management responsible for central oversight, assignment of responsibility, effectiveness of the cyber- security processes and shall ensure that the audit function is independent, effective and comprehensive.
Besides, the board will be responsible for all cyber-security governance documents such as cyber-security strategy, framework and policies and ensure alignment with the overall business goals and objectives.
Also, the board will, on a quarterly basis receive and review reports submitted by Senior Management. The report shall detail the overall status of the cyber-security programme to ensure that board- approved risk thresholds relating to cyber-security are being adhered to.
Cyber-security governance should not only aligns with corporate and Information Technology (IT) governance, but is cyber-threat intelligence driven, proactive, resilient and communicated to all internal and external stakeholders.
Boards are also mandated to appoint or designate a qualified individual as the Chief Information Security Officer (CISO) who shall be responsible for overseeing and implementing its cyber-security programme.
“The responsibilities of senior management include the implementation of the board-approved cyber-security policies, standards and the delineation of cyber-security responsibilities. Senior management will provide periodic reports (at a minimum quarterly); to the board on the overall status of the cyber-security programme of the DMB/PSP. The Chief Information Security Officer (CISO) are responsible for the day-to-day cyber security activities and the mitigation of cyber-security risks in the DMB/PSP,” the apex bank said.
-
News2 days agoFRSC opens 2026 nationwide recruitment, online applications begin July 3
-
Football7 days agoAfrica breaks World Cup record with seven teams in knockout stage
-
Entertainment4 days agoActress Cossy Ojiakor shares flooded home as heavy rainfall wreaks havoc in Lagos
-
Football1 week agoNetherlands to face Morocco, Brazil draw Japan in 2026 World Cup round of 32
-
Business1 week agoNAFDAC, FCCPC others partners OSOA Foods advocacy on food safety, MSME growth
-
Business6 days agoLogistics bottlenecks threaten Nigeria’s economic growth, industry leaders warn
-
Business6 days agoInflation, high interest rates loom as FG credit hits N40.38tn
-
Business1 week agoLagos leads as States receive N2.49tn FAAC allocation in Q1 2026

