The Central Bank of Kenya (CBK) has officially announced the establishment of the Banking Sector Cybersecurity Operations Centre (BS-SOC), a major step forward in bolstering the cybersecurity posture of Kenya’s financial sector.
In a statement issued on Monday, September 22, 2025, CBK stated that BS-SOC is a key component in the implementation of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, and a strategic initiative under the Central Bank of Kenya (CBK) Strategic Plan 2024-2027.
"The BS-SOC is currently under CBK's Cyber Fusion Unit, and is equipped to provide critical services such as Cyber Threat Intelligence, Incident Response, Digital Forensics, and Cyber Investigations," the statement read in part.
CBK pointed out that the BS-SOC will act as a central hub for managing cyber threats targeting Kenya’s financial institutions, which continue to face increasing cyber risk from sophisticated threat actors.
"This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors," the statement read.
At the same time, the CBK also announced it has initiated efforts to align and harmonize the Commercial Banks Cybersecurity Guidelines (2017) and Payment Service Providers Cybersecurity Guidelines (2019) with the new 2024 cybercrime regulations.
"CBK takes note of the prevailing regulatory compliance pressures and has commenced the process of aligning and harmonising the Commercial Banks Cybersecurity Guidelines 2017 and the Payment Service Providers Cybersecurity Guidelines 2019 with the provisions of the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybersecurity) Regulations 2024," the statement read further.
In the interim, all regulated institutions are now required to report cybersecurity incidents to the Banking Sector Cybersecurity Operations Centre, in line with the new 2024 cybercrime regulations
"All regulated institutions must continue to comply with both sets of requirements simultaneously and are mandated to report cybersecurity incidents to the BS-SOC within stipulated timelines under the CMCA Regulations," CBK stated.
The successful operation of the BS-SOC will depend on collaboration from all stakeholders, including banks, payment service providers, and digital financial platforms. CBK has urged full compliance and cooperation to ensure robust and unified defense mechanisms across the sector.
CBK issued the Guidance on Cybersecurity to commercial banks in August 2017, outlining the minimum requirements that institutions must build upon in the development and implementation of strategies, policies, procedures, and related activities aimed at mitigating cyber risk.
