As is the case everywhere, the financial sector has always been the most vulnerable to cyber-attacks and their main target, hence the importance of equipping financial institutions with the right tools and knowledge to ensure their resilience to such threats.
Financial institutions in the developing world and emerging markets are more vulnerable to such attacks for multiple reasons, mainly the limited budgets available to support risk minimization efforts, which lead to reduced access to the right skills and tools. According to a recent Africa Cybersecurity Report, up to 80% of African organizations allocate less than USD 10,000 to cybersecurity annually. Increased investment in technology and tools must be accompanied by the development and enforcement of policy guidelines.
Following the establishment of the 2014 African Union Convention on Cyber Security and Personal Data Protection, cybersecurity in Africa started seeing advancements in the enactment of cybercrime and data protection legislation by East African countries. However, a key element necessary to sustain these advancements is for policymakers and governance professionals to understand the impact that any lag between technology and policy has on cybersecurity.
In line with GBSN’s mission of “improving access to quality, locally relevant management and entrepreneurship education for the developing world”, we proudly partnered with The SWIFT Institute to develop two research case studies looking at cybersecurity and banking across the African and specifically East African context, as well as a teaching case that will provide future professionals with insights about the extent of safety in Kenyan banks and how to mitigate various risks.
All three of these case studies were designed to enable business students to make informed leadership decisions based on real-world situations within the global financial industry, more specifically in the African context.
GBSN tapped into its network of over 100 business schools in 50 countries to select experienced faculty members that would serve on the newly formed “Case Method Steering Committee”, a committee of faculty and professionals from different backgrounds, representing different geographies, and who support GBSN’s efforts to advance the case method in the developing world through future engagements and projects.
In order to select the right researchers for this specific topic, GBSN designed and ran a call for proposals, which led to the selection of a team from our member school, the “United States International University” in Kenya. The team produced the following two research cases:
- Cyber Security Risk Minimization Best Practices – African Experiences:
This case identifies key cyber security risks, cyber security risk quantification, and minimization practices in the banking industry. Taking a comparative view, it highlights the African experience and provides mitigating measures and strategies for cyber security risk minimization on emerging areas of concern for African financial institutions.
This research revealed the following insights:
- Insider threat is the biggest threat facing financial institutions.
- Organizations have adopted various frameworks to streamline their cyber risk management processes to benchmark with industry standards.
- Compared to other African regions, in the East African context, central bank guidelines and data protection laws have played a key role in enhancing cyber risk management practices in the banking sector.
- Various frameworks have been designed specifically to assist Chief Information Security Officers and security teams to quantify their risks and present this data in a clear and quantifiable manner.
- Despite these efforts, limited budgets are a hindrance to risk minimization efforts, since most risk experts are usually unable to deploy the right skills and tools.
- Cybersecurity Risks and National Policy Implications – East African Experiences:
This case assesses the cybersecurity risks stemming from lags between policy development and technological advances in the banking industry, with particular focus on the East African region.
Results from this study reveal the following key takeaways, among others:
- Over $722 million is being invested in technology innovation by banks in the East Africa region, particularly in Financial Technology innovation.
- East African banks have not yet operationalized artificial intelligence and have a negative perception of Blockchain technologies despite these technologies having potential benefits in mitigating cybersecurity risks and fighting fraud.
- Banks are facing huge risks relating to financial fraud, data theft, and malware attacks. The greatest source of these risks is malicious insiders and organized crime syndicates.
- Policymakers, law enforcement, and judicial officers lack requisite cybersecurity training and expertise to guide the changing face of technology innovation and to avert potential cybersecurity risks.
Finally, a teaching case titled “How Safe is the Kenyan Banking System? The KBA $6 Trillion Global Cybersecurity Risk Mitigation Agenda” will be used in the classroom for teaching purposes.
We at GBSN believe that this program is key to moving the needle on our mission of “improving access to quality, locally-relevant management and entrepreneurship education for the developing world” because we are aware that there is a lack of case studies that feature local protagonists and that consider the specific circumstances, challenges, and potential of certain geographies. We strongly believe that for the case method to be a relevant teaching tool, we must support and encourage academics, researchers, and professionals that have the local knowledge and who can speak to the local specificities. Also, we must provide said researchers with the necessary coaching to go beyond descriptive, general cases and dig deeper, be more methodical, and produce insightful, actionable, and relevant case studies to help advance their respective fields.