The Central Bank of Nigeria (CBN) has introduced a mandatory Cybersecurity Self-Assessment Tool (CSAT) for all regulated financial institutions, in a decisive move to strengthen the resilience of Nigeria’s banking system against rising cyber threats.
The development was disclosed in a statement signed by Olubunmi Ayodele-Oni on behalf of the Director of the Compliance Department at the apex bank.
The initiative, the CBN said, is in line with its statutory oversight responsibilities under the Banks and Other Financial Institutions Act (BOFIA) 2020.
According to the statement, the CSAT will serve as a critical supervisory instrument designed to provide the CBN with comprehensive information on the cybersecurity posture of regulated institutions.
The tool covers key areas including cybersecurity governance, risk management practices, technology infrastructure safeguards, third-party risk controls, incident response capabilities, and overall operational resilience.
“It covers key areas including cybersecurity governance, risk management practices, technology and third-party risk controls, incident response capabilities, and overall operational resilience,” the statement noted.
The apex bank explained that insights derived from the assessment will enhance risk-based supervision and strengthen regulatory oversight of cybersecurity risks across the financial system.
All regulated institutions — including banks, fintech firms, and payment service providers — are required to complete and submit the CSAT through a dedicated portal.
Access credentials and detailed guidance will be communicated directly to Chief Information Security Officers and other relevant officials.
READ ALSO: CBN: Banking sector strengthened as 32 Banks complete recapitalization
Reports submitted must reflect each institution’s cybersecurity status as of December 31, 2025. The CBN also indicated that validation exercises, including off-site supervisory reviews, will be conducted to verify the accuracy and integrity of submissions.
The regulator issued a stern warning that the submission of false or misleading information would attract regulatory sanctions.
In a recent high-profile incident, First City Monument Bank (FCMB) successfully thwarted an attempt by suspected cyber criminals to steal N2.4 billion after detecting fraudulent activity in December 2025.
The bank was reportedly targeted in a large-scale operation initially aimed at siphoning more than N3 billion.
Although N677 million was transferred before the breach was detected, internal controls enabled the bank to block further access and limit losses. One suspect, Andrew Odekina, was reportedly identified as a key member of the alleged fraud syndicate.
Industry analysts say such incidents highlight the urgent need for stronger cybersecurity frameworks, proactive monitoring systems, and real-time threat detection mechanisms across the banking ecosystem.
The CSAT initiative follows the CBN’s recent release of a landmark framework for automated financial crime detection, which mandates banks, fintech firms, and payment companies to demonstrate compliance within 18 months.
Experts believe the combination of enhanced cybersecurity assessment and automated financial crime detection standards places Nigeria at the forefront of regulatory innovation in emerging markets.
Football1 week ago
Business1 week ago
News1 week ago
Politics1 week ago
Comments and Issues1 week ago
Latest1 week ago
Football6 days ago
Energy6 days ago