The Central Bank of Nigeria (CBN) has directed banks and other financial institutions to implement a Cybersecurity Self-Assessment Tool (CSAT) to strengthen the sector’s resilience against growing cyber threats.
“The CSAT is a structured supervisory instrument designed to obtain comprehensive information on the cybersecurity posture of regulated institutions,” the apex bank said in the circular.
The directive was contained in a March 30, 2026 circular issued by the CBN’s Compliance Department and signed by Director Olubunmi Ayodele-Oni, addressed to deposit money banks, payment service providers, microfinance banks, and other regulated institutions.
The move signals a more proactive regulatory stance by the CBN, aimed at improving visibility into cybersecurity risks and ensuring financial institutions adopt stronger safeguards in an increasingly digital financial ecosystem.
“Insights derived from the CSAT will support risk-based supervision and enhance regulatory oversight of cybersecurity risks across the financial system,” the circular reads in part.
The Problem
Nigeria’s financial sector has become a prime target for cyberattacks, driven by the rapid growth of digital banking, fintech platforms, and electronic payments. As more services move online, vulnerabilities around data protection, fraud, and system breaches have expanded.
In February, an INTERPOL-supported cybercrime operation, which involved 16 African countries, including Nigeria and Kenya, dismantled 1,442 malicious IPs, domains, and servers, and recovered over $4.3 million.
Many financial institutions, particularly smaller players, face challenges in maintaining robust cybersecurity frameworks due to limited resources, evolving threat landscapes, and inconsistent risk management practices.
Weak third-party integrations and slow incident response capabilities further expose the system to operational disruptions and financial losses.
At a systemic level, the lack of standardized, real-time insight into the cybersecurity readiness of institutions makes it harder for regulators to detect weaknesses early and prevent large-scale incidents.
These cyber risks translate into financial lost as reports by Financial Institutions Training Centre (FITC) showed that there was a ₦3.29 billion ($2.37 million) lost on fraud in first quater of 2025, a 603% year-on-year.
The Solution
The CSAT is designed to address these gaps by creating a uniform framework for assessing cybersecurity readiness across the financial system. According to the CBN, the tool evaluates key areas such as governance, risk management practices, technology infrastructure, third-party risk controls, incident response capabilities, and overall operational resilience.
All regulated institutions are required to complete and submit the assessment through a dedicated portal within specified timelines—three weeks for deposit money banks and five weeks for other institutions.
The submissions must be supported by verifiable documentation, with the CBN set to conduct validation exercises, including off-site reviews and supervisory engagements.
By standardising how cybersecurity data is collected and assessed, the tool enables risk-based supervision, allowing the CBN to identify vulnerabilities, prioritise interventions, and enforce compliance more effectively.
“Supervised institutions are reminded that all information submitted to the CBN must be accurate, complete, and verifiable. Submission of false, misleading, or inaccurate information constitutes a regulatory breach and will attract appropriate sanctions in accordance with the provisions of BOFIA 2020,” the apex bank warned.
Why it matters
If successfully implemented, the CSAT could significantly strengthen trust in Nigeria’s financial system by reducing the likelihood and impact of cyber incidents. For consumers, this translates to safer digital transactions, better protection of personal data, and increased confidence in using financial services. A recent article by TechMedia Africa explained how a bank customers who use one password across multiple sites risks fallen victim of cyber attack.
For the industry, improved cybersecurity standards could lower fraud-related losses, encourage innovation, and attract investment into Nigeria’s fintech ecosystem. It may also create demand for cybersecurity professionals, boosting job creation in a critical area of the digital economy.
More broadly, the initiative positions Nigeria to build a more secure and resilient financial infrastructure—one that can support continued digital transformation while safeguarding the interests of businesses and millions of everyday users.