Husain Parvez
Published on: September 27, 2025
The Central Bank of Kenya (CBK) has launched the Banking Sector Cybersecurity Operations Centre (BS-SOC), a centralized facility aimed at improving cyber resilience across the country’s financial system.
Hosted within the CBK’s Cyber Fusion Unit, the BS-SOC will provide cyber threat intelligence, incident response, digital forensics, and cyber investigations. According to CBK, the centre is “a key part of the implementation of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024” and aligns with the CBK Strategic Plan 2024–2027.
The launch comes amid a sharp rise in cyberattacks. Kenya’s Communications Authority reported 4.5 billion cyber threat events between April and June 2025, up 80.7% from the previous quarter. CBK’s own stress tests in May modeled a 5% chance of successful cyberattacks, with potential losses ranging from KSh 32.8 million to KSh 2.9 billion depending on severity.
CBK said it is working to harmonize the Commercial Banks Cybersecurity Guidelines (2017) and the Payment Service Providers Cybersecurity Guidelines (2019) with the 2024 regulations. In the meantime, regulated institutions are expected to comply with all three and report incidents to the BS-SOC within the stipulated timelines.
“The successful implementation of this initiative requires the full collaboration and cooperation of all stakeholders,” the CBK noted in its official statement. Governor Kamau Thugge added that “cyber threats continue to evolve. A sector-wide response is essential to protect Kenya’s financial system.”
Data from CBK also shows that cybercriminals siphoned KSh 1.59 billion from customer accounts in 2024, further underscoring the need for coordinated monitoring and response.
By integrating enforcement and threat response under one roof, CBK hopes to reduce fragmentation and give regulators better visibility into systemic cyber risks affecting banks and payment providers across Kenya.
