October 28, 2025
Our Offices

CENTRAL BANK OF KENYA ESTABLISHES THE CYBERSECURITY OPERATIONS CENTRE FOR THE BANKING SECTOR

September 22, 2025
Insights

In an effort to ensure that the Kenyan banking sector is underpinned on digital trust, confidentiality, integrity, availability of critical information infrastructure and minimized impact of any successful cyber-attacks and pursuant to the provisions of Regulation 3(b) and 9(2) of the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, the Central Bank of Kenya (CBK) has today the 22nd September 2025 announced that it has established the Cybersecurity Operations Centre for the Banking Sector. This is aimed to enhance resilience in the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors.

Under the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybercrime Management) Regulations 2024, a Cybersecurity Operations Centre is defined as a capability/centre that encompasses cutting-edge technology, tools and a team of cybersecurity experts organized to protect, monitor, detect, analyze, respond and report on cybersecurity incidents and threats.

This Centre is now fully equipped to provide critical services such as Cyber Threat Intelligence, Incident Response, Digital Forensics and Cyber Investigations within the Kenyan banking sector. 

The CBK has further announced that it is in the process of aligning and harmonizing the Commercial Banks Cybersecurity Guidelines 2017 and the Payment Service Providers Cybersecurity Guidelines 2019 with the provisions of the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybersecurity) Regulations 2024 and call upon all regulated institutions (Commercial Banks, Microfinance institutions, Money Remittance Operators, Digital Credit Providers) to continue to comply with both sets of the requirements and to report cybersecurity incidents to the Cybersecurity Operations Centre, now under CBK’s Cyber Fusion Unit, within stipulated timelines.

It is also important to note that since under the Regulation, A Sector Cybersecurity Operations Centre is responsible for monitoring, detecting, preventing, responding and investigating cyber threats in a specific Sector, this Centre is characterized with the following capabilities:

  1. Real time event monitoring, analysis, log collection and aggregation;
  2. An alert system;
  3. Cybersecurity specialists organized to prevent, detect, analyze and respond to threats;
  4. Asset inventory;
  5. Vulnerability management;
  6. Network detection and response;
  7. End point detection and response;
  8. Intrusion detection;
  9. Malware analysis and testing;
  10. Threat prevention, monitoring and detection;
  11. Incidence response and management; and
  12. Threat intelligence platform.

For more information, please contact us on info@aowangaadvocates.com or +254794600191

All rights reserved for A.O. WANGA ADVOCATES

www.aowangaadvocates.com

Andrew Wanga Administrator

Share your thoughts