By Kingsley Benson
The Central Bank of Nigeria (CBN) has introduced a new layer of cybersecurity checks for banks and other financial institutions, signalling a broader push to reinforce the stability and safety of the country’s financial system.
In a circular dated March 30, the apex bank directed regulated institutions to complete a newly deployed cybersecurity self-assessment tool, known as CSAT. The move is designed to help authorities better understand how well financial institutions are protected against cyber threats, which have become an increasing concern globally.
The CBN explained that the tool is part of its responsibilities under the Banks and Other Financial Institutions Act (BOFIA) 2020 and will serve as a key instrument for assessing the digital resilience of institutions under its supervision. By gathering structured data from banks, the regulator aims to identify vulnerabilities early and respond more effectively to emerging risks.
All affected institutions have been instructed to submit their assessments through a dedicated online portal. Access to the platform, along with detailed guidance, will be provided to chief information security officers and other designated officials responsible for cybersecurity within each organisation.
According to the directive, submissions must reflect each institution’s cybersecurity status as of December 31, 2025, and should be backed by relevant documentation where necessary. This requirement suggests a shift toward more evidence-based regulation, where claims about system strength must be supported by verifiable data.
The CBN also issued a clear warning against inaccurate reporting. It stated that any false, misleading or incomplete information would be treated as a regulatory violation and sanctioned in line with existing laws. This underscores the regulator’s intent to ensure that institutions treat the exercise with seriousness rather than as a routine compliance task.
Beyond data collection, the apex bank indicated that it will carry out follow-up checks, including off-site reviews and direct supervisory engagements, to validate the information submitted. These steps are expected to deepen oversight and ensure that reported cybersecurity measures reflect actual conditions within institutions.
For the broader public, the initiative reflects a growing recognition that financial stability is no longer only about capital adequacy and liquidity, but also about digital security. As banking services continue to migrate online, the risks associated with cyberattacks, data breaches and system disruptions have become more pronounced.
By tightening its supervisory approach, the CBN is positioning itself to better anticipate and manage these risks, while compelling financial institutions to strengthen their internal controls. The outcome, if effectively implemented, could translate into greater confidence in the banking system and improved protection for customers whose financial lives are increasingly conducted in digital spaces.
