Kenya Launches Banking Sector Cybersecurity Operations Centre to Counter Rising Digital Threats

Nairobi, Kenya – The Central Bank of Kenya (CBK) has launched a state-of-the-art Banking Sector Cybersecurity Operations Centre (BS-SOC), marking a major milestone in Kenya’s fight against escalating cyber threats targeting the financial sector.

Unveiling the centre at CBK headquarters, Governor Kamau Thugge said the facility will provide real-time threat intelligence, digital forensics, incident response, and cyber investigations to banks, microfinance institutions, and other regulated financial entities.

The project forms part of the Computer Misuse and Cybercrime Regulations 2024 and is embedded in the CBK’s 2024–2027 Strategic Plan, reflecting the regulator’s commitment to strengthening Kenya’s digital financial ecosystem.

“Cyberattacks are evolving rapidly, and financial institutions remain prime targets. This centre will provide the sector with a coordinated defence mechanism to safeguard customer funds, sensitive data, and the integrity of our financial system,” said Governor Thugge.

Real-Time Threat Monitoring and Industry Collaboration

Under the new framework, financial institutions will be required to:

• Report all cyber incidents to the BS-SOC for real-time analysis.

• Maintain adherence to the CBK Cybersecurity Guidelines of 2019 until harmonised regulations are rolled out.

• Participate in sector-wide simulations and capacity-building exercises to improve resilience against ransomware, phishing, and insider threats.

The BS-SOC will serve as a central hub for:

• Threat Intelligence Sharing: Analysing attack patterns and disseminating actionable insights to banks.

• Incident Coordination: Ensuring rapid responses to data breaches and digital fraud attempts.

• Digital Forensics & Investigations: Supporting law enforcement with evidence collection and analysis for cybercrime prosecutions.

CBK confirmed it will collaborate with the Communications Authority of Kenya (CAK), the Directorate of Criminal Investigations (DCI), and global partners to keep pace with international best practices.

Rising Cyber Risks in Kenya’s Banking Sector

The launch comes amid surging cybercrime statistics in Kenya:

• A 2024 National KE-CIRT Report recorded over 700 million cyber threat attempts in Kenya last year, a 35% rise from 2023.

• Financial institutions were targeted by ransomware gangs demanding cryptocurrency payments and phishing syndicates seeking to steal online banking credentials.

• Mobile banking fraud remains the leading threat, with cases involving SIM swaps and fake loan apps also on the rise.

Experts warn that AI-powered attacks and cross-border hacking networks are making cybercrime increasingly sophisticated and harder to trace.

Global Context and Economic Implications

Kenya joins countries like Singapore, the United States, and the United Kingdom in establishing sector-specific cybersecurity operations centres for financial services.

The World Bank estimates that cybercrime costs the global economy over US$1 trillion annually, with banks bearing a significant portion due to regulatory penalties, fraud losses, and reputational damage.

Cybersecurity consultant Dr. Angela Mwangi said the BS-SOC will lower the cost of compliance for smaller banks by providing shared infrastructure and expertise that individual institutions might struggle to afford.

“Instead of every bank building its own expensive defence system, the sector can now leverage a coordinated approach, leading to cost savings, faster responses, and better overall security,” Dr. Mwangi noted.

Next Steps: Training, Compliance, and Public Confidence

CBK announced that banks must submit quarterly cybersecurity compliance reports and participate in annual sector-wide stress tests simulating cyberattacks on critical systems.

The regulator will also host cybersecurity training programmes for bank executives, IT professionals, and law enforcement officers to improve skills in digital forensics and incident response.

Governor Thugge said the ultimate goal is to boost public confidence in Kenya’s fast-growing digital financial services, including mobile money, online banking, and fintech innovations, all of which drive billions of shillings in daily transactions.

“Financial stability today depends not only on monetary policy but also on cyber resilience. With this centre, we are sending a clear message that Kenya takes digital security seriously,” Thugge emphasised.

Outlook

As Kenya deepens its digital economy and pushes for cashless transactions, analysts say the BS-SOC will be a critical pillar for financial inclusion, investor confidence, and national security.

However, they caution that success will require adequate funding, skilled personnel, and continuous public–private collaboration to stay ahead of rapidly evolving cyber threats.

The CBK is expected to release detailed operational guidelines for the BS-SOC in the coming weeks, with full implementation anticipated by early 2026.