CBK Launches Banking Sector Cybersecurity Centre

The Central Bank of Kenya (CBK) has established a Banking Sector Cybersecurity Operations Centre (BS-SOC) to bolster the country’s defences against sophisticated cyber threats targeting financial institutions.

The BS-SOC, housed within CBK’s Cyber Fusion Unit, is a key element of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024 and forms part of the CBK Strategic Plan 2024–2027. It will provide sector-wide services including cyber threat intelligence, incident response, digital forensics, and cyber investigations.

CBK said it is aligning the Commercial Banks Cybersecurity Guidelines (2017) and the Payment Service Providers Cybersecurity Guidelines (2019) with the 2024 regulations. Until the harmonization is complete, all regulated institutions must continue to comply with both sets of requirements and report cybersecurity incidents to the BS-SOC within the timelines set out in the new rules.

“The successful implementation of this initiative requires the full collaboration and cooperation of all stakeholders,” the CBK noted, emphasizing that the partnership will strengthen the resilience of Kenya’s banking sector against increasingly sophisticated cybercriminals.

The launch comes amid a sharp rise in cyber threats in Kenya. According to the Communications Authority of Kenya, 2.54 billion cyber-threat incidents were reported in just the first quarter of 2025.

CBK’s own data shows that in 2024, hackers siphoned a record $12 million (KES 1.59 billion) from bank customers, highlighting how quickly digital banking growth has outpaced security measures.