CBN Mandates Cybersecurity Grading for Financial Institutions

The Central Bank of Nigeria (CBN) is stepping up its cybersecurity oversight, requiring banks and other financial institutions to complete a comprehensive self-assessment tool. The new directive, announced in a circular dated March 30th, aims to proactively identify vulnerabilities amid rising cyber threats.

Compliance Timeline

  • Deposit money banks have 21 days to submit their assessments
  • Other institutions (microfinance banks, fintechs, payment providers) get 35 days

The self-assessment tool (CSAT) covers key areas including:

  • Cybersecurity governance and accountability
  • Risk management frameworks
  • Technology and third-party risks
  • Incident response capabilities
  • Operational resilience

Context of the New Regulation

Nigeria’s financial sector has seen a significant increase in cyberattacks, with Check Point Software reporting 4,718 weekly attacks in 2024 alone. As digital payment adoption grows—reaching $185.6 billion in Q1 2025—the attack surface expands across web, mobile, and agent networks.

Data from the Financial Institutions Training Centre (FITC) reveals a concerning trend: fraud losses jumped 603% year-on-year to $2.37 million in Q1 2025, with over 12,000 reported cases.

The CBN’s move represents a shift towards proactive surveillance as Nigeria’s financial system becomes increasingly digital—and therefore more vulnerable.