The Central Bank of Kenya (CBK) has established a new Banking Sector Cybersecurity Operations Centre (BS-SOC) designed to protect financial institutions nationwide from escalating cyber threats.
The BS-SOC lives inside CBK’s Cyber Fusion Unit. It is framed by the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations of 2024 and also fits into the CBK Strategic Plan for the period 2024-2027.
Its duties encompass a wide range, including gathering cyber threat intelligence, responding to incidents as they arise, conducting digital forensics, and investigating cyber-related issues.
Financial institutions regulated by CBK will need to adjust to the fact that CBK is also updating related rules. The Commercial Banks Cybersecurity Guidelines from 2017 and the Payment Service Providers Cybersecurity Guidelines from 2019 are being realigned with the 2024 regulations.
READ: Kenyan Insurance Companies Ordered to Report Cyber Attacks Within 24 Hours
Until that process is done, all regulated entities must comply with both the older guidelines and the new regulatory requirements. Meanwhile, any cybersecurity incident must be reported to the BS-SOC under the timelines laid out in the new rules.
CBK emphasized that this project will only succeed if everyone does their part. It called upon banks, payment providers and all relevant stakeholders to collaborate.
With digital banking growing fast and cyber attackers getting smarter, cooperation will be vital in strengthening the banking sector’s resilience.
The timing of the launch also matters. In the last quarter of 2025, Kenya recorded 4.6 billion cyber threats. Meanwhile, the data from CBK showed that hackers stole about $12 million from bank customers during 2024 alone.
Those figures prove just how much catching up is required in cybersecurity even as digital financial services spread.
