Kenyan Financial Institutions Lost Over Ksh 5.6 Billion To Cybercrime, Calling For The Need For Enhanced Cybersecurity In The Country’s Banking Sector

Kenyan financial institutions have lost millions of dollars to cybercrime over the past few years. Some of the most significant cyberattacks have targeted banks such as the National Bank of Kenya, the Kenya Revenue Authority, the Commercial Bank of Africa, the Cooperative Bank of Kenya, and the Equity Bank.

The attacks have involved sophisticated techniques such as phishing emails, social engineering, malware, and ATM malware.

The financial losses resulting from these attacks range from hundreds of thousands to millions of dollars. For example, the NBK lost KES 29 million ($280,000), the KRA lost KES 4 billion ($40 million), the CBA lost KES 90 million ($900,000), the Cooperative Bank of Kenya lost KES 157 million ($1.57 million), and the Equity Bank lost KES 1.3 billion ($13 million).

These losses are significant and highlight the need for financial institutions in Kenya to prioritize cybersecurity to prevent further financial losses and protect customer data.

Over the past few years, cybercrime has become a major concern for Kenyan banks. The country has seen an increase in cyberattacks targeting financial institutions, leading to significant financial losses. In this article, we will look at some examples of cybercrime in Kenyan banks, the amount of money lost, and what is being done to ensure cybersecurity is a top priority.

One of the most significant cyber-attacks in Kenya was the one that targeted the National Bank of Kenya (NBK) in 2017. In this attack, the hackers managed to steal KES 29 million ($280,000) from the bank’s system. The attackers used sophisticated techniques, such as phishing emails, to access the bank’s system and transfer the money to various accounts.

In 2018, the Kenya Revenue Authority (KRA) reported that it had lost KES 4 billion ($40 million) to a cyber attack. The attackers used malware known as WannaCry to infiltrate the authority’s system and steal sensitive information. The KRA had to shut down its system to prevent further damage, leading to significant financial losses.

In 2019, the Commercial Bank of Africa (CBA) reported that it had lost KES 90 million ($900,000) to a cyber attack. The bank did not disclose the details of the attack, but it was reported that the attackers used malware known as ATM malware to steal money from the bank’s ATMs.

In the same year, the Cooperative Bank of Kenya reported that it had lost KES 157 million ($1.57 million) to a cyber attack. The bank reported that the attackers used social engineering techniques to gain access to the bank’s system and transfer the money to various accounts.

In 2020, the Equity Bank reported that it had lost KES 1.3 billion ($13 million) to a cyber attack. The bank did not disclose the details of the attack, but it was reported that the attackers used phishing emails to access the bank’s system and transfer the money to various accounts.

To ensure that cybersecurity is a top priority in the banking sector, the Central Bank of Kenya (CBK) has issued guidelines to all banks in the country. The guidelines require banks to establish robust cybersecurity frameworks to protect their systems from cyber-attacks. The guidelines also require banks to conduct regular cybersecurity assessments and audits to identify vulnerabilities in their systems.

In addition to the CBK guidelines, the Kenya Bankers Association (KBA) has established a cybersecurity center of excellence to provide training and awareness to banks on cybersecurity. The center also provides support to banks in the event of a cyber attack.

To enhance cybersecurity, some banks in Kenya have also adopted advanced technologies such as artificial intelligence (AI) and blockchain. AI is used to monitor the bank’s system and detect any suspicious activity, while blockchain is used to secure transactions and prevent fraud.

Banks have also established dedicated cybersecurity teams to manage cyber threats. These teams are responsible for monitoring the bank’s systems, identifying and addressing vulnerabilities, and responding to cyber-attacks.

Banks are also collaborating with other stakeholders such as the government, law enforcement agencies, and cybersecurity experts to enhance cybersecurity. For example, the KBA has partnered with the government to establish the National Cybersecurity Center to coordinate cybersecurity efforts in the country.

To sum up, Kenyan banks have lost millions of dollars to cybercrime over the past few years. However, the banks and regulatory authorities have taken steps to enhance cybersecurity in the sector. Guidelines have been issued, cybersecurity teams established, and advanced technologies such as AI and blockchain adopted to protect against cyber threats. By collaborating with other stakeholders, Kenyan banks are working towards making cybersecurity a top priority and preventing further losses.

Based on the information provided in the aforementioned paragraphs, the combined amount that Kenyan financial institutions have lost to cybercrime over the past few years is as follows: KES 29 million + KES 4 billion + KES 90 million + KES 157 million + KES 1.3 billion = KES 5.576 billion

Converting this to US dollars using the exchange rate of KES 1 = $0.0096 (as of March 24, 2023), the combined amount lost to cybercrime by Kenyan financial institutions is: $53,465,600

Therefore, Kenyan financial institutions have lost over $53 million to cybercrime over the past few years, highlighting the need for enhanced cybersecurity measures in the country’s banking sector.

Related Content: Modernize your Cyber Recovery Strategy with these Five Simple Steps