Central Bank of Kenya launches cybersecurity operation centre for banks, calls for compliance to curb threats

Nairobi, Kenya – Commercial banks and all regulated financial institutions are now required to report cybersecurity threats to the Central Bank of Kenya (CBK).

CBK governor Kamau Thugge speaking at a past event. Photo: Parliament of Kenya/Facebook.

This followed the establishment of the Banking Sector Cybersecurity Operations Centre (BS-SOC).

In a press statement on Monday, September 22, CBK said the BS-SOC is a key component in the implementation of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, and a strategic initiative under the Central Bank of Kenya (CBK) Strategic Plan 2024-2027.

“The BS-SOC is currently under CBK’s Cyber Fusion Unit, and is equipped to provide critical services such as Cyber Threat Intelligence, Incident Response, Digital Forensics, and Cyber Investigations,” read the statement in part.

Press Release: Establishment of Banking Sector Cyber Security Operations Centrehttps://t.co/nMOR1Z1rtI pic.twitter.com/niYZJjPexp
— Central Bank of Kenya (@CBKKenya) September 22, 2025

The banking regulator said it took note of the prevailing regulatory compliance pressures and has commenced the process of aligning and harmonising the Commercial Banks Cybersecurity Guidelines 2017.

The bank is also implementing the Payment Service Providers Cybersecurity Guidelines 2019 with the provisions of the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybersecurity) Regulations 2024.

CBK urged all regulated institutions to comply with both sets of requirements and report cybersecurity incidents to the BSSOC within stipulated timelines under the CMCA Regulations.

“The successful implementation of this initiative requires the full collaboration and cooperation of all stakeholders. This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors,” the regulator said.

Data from the Communications Authority of Kenya shows that the country reported over 200% increase in cybersecurity threats (2.54 billion incidents) in the first quarter of 2025.

This was attributed to the advent of sophisticated AI-powered attacks, the exploitation of system vulnerabilities, and attacks on web applications.