NAIROBI, Kenya — The Central Bank of Kenya (CBK) has launched a specialised Banking Sector Cybersecurity Operations Centre (BS-SOC) in a bid to shield the country’s financial system from a wave of escalating cyberattacks.
The centre, unveiled on Monday, will offer critical services including threat intelligence, incident response, digital forensics, and cyber investigations.
It is anchored in CBK’s 2024–2027 Strategic Plan and is part of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024.
CBK Governor Kamau Thugge said the hub will serve as a “nerve centre” for combating increasingly sophisticated cyber threats facing Kenya’s banking sector.
“This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by cyber threat actors,” the regulator noted.
The centre operates under CBK’s Cyber Fusion Unit and will work closely with banks and payment service providers.
Institutions regulated by the CBK are now required to report all cybersecurity incidents to the BS-SOC within strict timelines set by law.
At the same time, CBK is harmonising its Commercial Banks Cybersecurity Guidelines (2017) and Payment Service Providers Cybersecurity Guidelines (2019) with the new 2024 regulations, though institutions must continue observing both frameworks until the update is complete.
The move comes as Kenya grapples with an unprecedented surge in cybercrime.
Data from the Communications Authority shows detected threats hit 8.6 billion in the year to June 2025, nearly tripling from 3.5 billion the previous year.
Between April and June alone, 4.6 billion threats were recorded—outpacing the 2.5 billion reported in the first quarter.
The CA report attributes the spike to weak system patching, limited awareness among users, and a growing reliance by criminals on AI-driven attacks and machine learning.
System attacks were the most common, accounting for over half of all incidents, with internet service providers and cloud firms bearing the brunt as hackers exploited outdated software and harvested user credentials.
Other prevalent threats included distributed denial-of-service (DDoS) attacks, assaults on web and mobile apps, brute-force logins, and malware intrusions.
Financial institutions have become a prime target, with criminals increasingly probing for weaknesses in Kenya’s fast-digitising economy.
By centralising monitoring and response, CBK hopes the BS-SOC will serve as a deterrent and a safety net for banks under siege.
