The Central Bank of Kenya (CBK) has launched the Banking Sector Cybersecurity Operations Centre (BS-SOC), a new strategic facility aimed at bolstering the resilience of the country’s financial sector amid rising cyber threats.
In a statement issued on Monday, the CBK said the BS-SOC will operate under its Cyber Fusion Unit, a highly specialised division responsible for enhancing the cybersecurity posture of the financial system. The unit is tasked with managing advanced security tools, conducting threat research, and analysing cyber data to produce actionable intelligence—particularly against threats such as fraud, hacking, and ransomware.
“The successful implementation of this initiative requires the full collaboration and cooperation of all stakeholders,” the CBK noted. “This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors.”
The newly established centre will provide a range of critical services, including:
These services are expected to significantly improve how financial institutions prevent, detect, and respond to cyberattacks—particularly as hackers continue to target both banks and individual account holders in Kenya.
As part of this initiative, CBK has begun the process of harmonising the existing:
These will be aligned with the new 2024 cybersecurity regulations. In the interim, however, regulated institutions must comply with both sets of guidelines concurrently.
Furthermore, all commercial banks and payment service providers are required to report cybersecurity incidents to the BS-SOC within the timelines prescribed under the Computer Misuse and Cybercrimes Act (CMCA) Regulations.
Kenya’s financial institutions continue to face mounting cyber risks, with recent incidents highlighting the vulnerabilities in both system infrastructure and customer accounts. The launch of the BS-SOC is seen as a critical step in reinforcing cyber defenses across the sector.
The CBK is urging all regulated entities to cooperate fully with the new framework and to invest in improved cybersecurity capabilities to keep pace with increasingly sophisticated threat actors.
