The Central Bank of Kenya (CBK) has created a Banking Sector Cybersecurity Operations Centre (BS-SOC) to strengthen defenses across the financial system.
The centre will run from CBK’s Cyber Fusion Unit and provide threat intelligence, incident response, digital forensics, and cyber investigations.The apex bank’s stress tests in May assumed a 5% chance of successful cyber-attacks, estimating losses at KSh 32.8 million under the baseline, KSh 2.1 billion under a moderate scenario, and KSh 2.9 billion in a severe case.The launch raises the bar for cybersecurity expectations in Kenya’s banking sector.
For real time market updates and analysis, join our WhatsApp Channel.
“Cyber threats continue to evolve. A sector-wide response is essential to protect Kenya’s financial system,”
Governor Kamau Thugge said.
The National Kenya Computer Incident Response Team – Coordination Centre (KE-CIRT/CC) reported 4.5 billion cyber threat events between April and June 2025, an 80.7% jump from the previous quarter’s 2.54 billion incidents. Financial institutions are especially vulnerable to cyber risks, heightening the need for a coordinated approach and knowledge-sharing.
CBK’s move is grounded in the Critical Infrastructure and Cybersecurity Regulations, 2024 under the Computer Misuse and Cybercrimes Act. For now, institutions face added reporting obligations, giving regulators a clearer view of sector vulnerabilities. Banks and payment service providers will be required to comply with both the 2017 Commercial Banks Cybersecurity Guidelines and the 2019 PSP Cybersecurity Guidelines, while also meeting the 2024 regulations.
CBK has said it plans to consolidate the rules but has not given a timeline.