Strategies Adopted by Selected Financial Institutions in Nigeria to Prevent Information Asset Breaches

Afeez Folorunsho Lawal

doi:10.32350/sri.32.05

Afeez Folorunsho Lawal Al-Hikmah University, Ilorin, Nigeria

Keywords: cyber security,, information assets,, financial institutions,, Nigeria,, CBN framework,, risk management,, integrated systems theory

Abstract

Abstract Views: 0

Financial institutions in Nigeria are highly vulnerable to cyber-attacks. Many of them lack the capacity to implement the Central Bank of Nigeria’s (CBN) risk-based cybersecurity framework. This has eroded customer trust. Based on the Integrated Systems Theory of Information Security Management, this study aimed to examine strategies adopted by selected financial institutions to prevent information asset breaches. Using a qualitative multiple-case-study approach, data were collected through in-depth interviews with 25 participants (5 Board Members, 5 Senior Managers, 5 Chief Information Security Officers, and 10 IT Officers) from five institutions, supplemented by secondary sources. Thematic analysis revealed that institutions align security plans with organizational strategies and have policies in place, but demonstrate minimal capacity for full CBN compliance. Findings indicate the institutions’ 100 percent alignment with internal strategies, but only 40 percent full compliance with CBN’s risk-based guidelines based on participant reports. The study recommends CBN-led capacity building to enhance adoption as well as fostering positive social change through restored public confidence

Downloads

Download data is not yet available.

References

Abraham, S., & Chengalur-Smith, I. (2019). Evaluating the effectiveness of learner-controlled information security training. Computers & Security, 87, Article e101586. https://doi.org/10.1016/j.cose.2019.101586

Adelmann, F., Ergen, I., Gaidosch, T., Jenkinson, N., Khiaonarong, M. T., Morozova, A., Wilson, C. (2020). Cyber risk and financial stability: It’s a small world after all. International Monetary Fund.

Akinrolabu, O., Nurse, J., Martin, A., & New, S. (2019). Cyber risk assessment in cloud provider environments: Current models and future needs. Computers & Security, 87, Article e101600. https://doi.org/10.1016/j.cose.2019.101600

Akintoye, R., Ogunode, O., Ajayi, M., & Joshua, A. A. (2022). Cyber security and financial innovation of selected deposit money banks in Nigeria. Universal Journal of Accounting and Finance, 10(3), 643–652.

Alawonde, K. O. (2020). Tailored information security strategies for financial services companies in Nigeria [Doctoral dissertation, Walden University]. Scholarworks. https://scholarworks.waldenu.edu/dissertations/8662/

Balogun, K. O. (2018). Letter to all banks and payment service providers: Exposure draft of the risk-based cybersecurity framework and guidelines for deposit money banks and payment service providers. Central Bank of Nigeria.

Central Bank of Nigeria. (2015). Regulatory and supervisory guidelines for development finance institutions in Nigeria. https://www.cbn.gov.ng/out/2015/ofisd/regulatory%20and%20supervisory%20guidelines%20for%20development%20finance%20institutions%20in%20nigeria%202015.pdf

Central Bank of Nigeria. (2018). National financial inclusion strategy (Revised). https://www.cbn.gov.ng/out/2019/ccd/national%20financial%20inclusion%20strategy.pdf

Central Bank of Nigeria. (2019). Nigeria financial services industry IT standards blueprint. https://www.cbn.gov.ng/itstandards/IT_Standards_Blueprint_V1.0.pdf

Chakkaravarthy, S., Sangeetha, D., Venkata Rathnam, M., Srinithi, K., & Vaidehi, V. (2018). Futuristic cyber-attacks. International Journal of Knowledge-Based Intelligent Engineering Systems, 22(3), 195–204. https://doi.org/10.3233/KES-180384

Eze, C. U., Ebe, E. C., Okwo, I. M., Ibeabuchi-Ani, O., Odume, M. S., Godspower, J. O., & Obeagu, E. I. (2022). Effect of the capability component of fraud theory on fraud risk management in Nigerian banks. International Journal of Financial Research, 13(1), 90–95.

Familoni, B. T., & Shoetan, P. O. (2024). Cybersecurity in the financial sector: A comparative analysis of the USA and Nigeria. Computer Science & IT Research Journal, 5(4), 850–877.

Figueira, P. T., Bravo, C. L., & López, J. R. (2019). Improving information security risk analysis by including threat-occurrence predictive models. Computers & Security, 88, Article e101609. https://doi.org/10.1016/j.cose.2019.101609

Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. Computers & Security, 61, 169–183. https://doi.org/10.1016/j.cose.2016.06.002

Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., & Baker, T. (2018). Security threats to critical infrastructure: The human factor. The Journal of Supercomputing, 74(10), 4986–5002. https://doi.org/10.1007/s11227-018-2337-2

Grandstaff, J. L., & Solsma, L. L. (2021). Financial statement fraud: A review from the era surrounding the financial crisis. Journal of Forensic and Investigative Accounting, 13(3), 421–437.

Hadlington, L., Popovac, M., Janicke, H., Yevseyeva, I., & Jones, K. (2019). Exploring the role of work identity and work locus of control in information security awareness. Computers & Security, 81, 41–48. https://doi.org/10.1016/j.cose.2018.10.006

Hassan, A. O., Ewuga, S. K., Abdul, A. A., Abrahams, T. O., Oladeinde, M., & Dawodu, S. O. (2024). Cybersecurity in banking: A global perspective with a focus on Nigerian practices. Computer Science & IT Research Journal, 5(1), 41–59.

Hassan, A., & Ahmed, K. (2023). Cybersecurity’s impact on customer experience: An analysis of data breaches and trust erosion. Emerging Trends in Machine Intelligence and Big Data, 15(9), 1–19.

Hemanidhi, A., & Chimmanee, S. (2017). Military-based cyber risk assessment framework for supporting cyber warfare in Thailand. Journal of Information & Communication Technology, 16(2), 192–222.

Hinchliffe, A. (2017). Nigerian princes to kings of malware: The next evolution in Nigerian cybercrime. Computer Fraud & Security, 2017(5), 5–9. https://doi.org/10.1016/S1361-3723(17)30040-4

Hong, K., Chi, Y., Chao, L., & Tang, J. (2003). An integrated system theory of information security management. Information Management & Computer Security, 11(5), 243–248. https://doi.org/10.1108/09685220310500153

Ikusika, B. (2022). A critical analysis of cybersecurity in Nigeria and the incidents of cyber-attacks on businesses/companies. Social Science Network. https://ssrn.com/abstract=4165204

Ismail, S., Sitnikova, E., & Slay, J. (2014). Using integrated system theory approach to assess security for SCADA systems cybersecurity for critical infrastructures [Paper presentation]. Proceedings of 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), Xiamen, China.

Kumar, I. (2023). Emerging threats in cybersecurity: A review article. International Journal of Applied and Natural Sciences, 1(1), 01–08.

National Information Technology Development Agency. (2019). Nigeria data protection regulation. https://nitda.gov.ng/wp-content/uploads/2019/01/NigeriaDataProtectionRegulation.pdf

Niemimaa, E., & Niemimaa, M. (2017). Information systems security policy implementation in practice: From best practices to situated practices. European Journal of Information Systems, 26(1), 1–20. https://doi.org/10.1057/s41303-016-0025-y

Ogunode, O. A., & Akintoye, R. I. (2023). Financial technologies and financial inclusion in emerging economies: Perspectives from Nigeria. Asian Journal of Economics, Business and Accounting, 23(1), 38–54.

Ojukwu-Ogba, N., & Osode, P. C. (2020). The legal combat of financial crimes: A comparative assessment of the enforcement regimes in Nigeria and South Africa. African Journal of Legal Studies, 13(2), 130–152.

Olaniyi, O. O., Olaoye, O. O., & Okunleye, O. J. (2023). Effects of information governance (IG) on profitability in the Nigerian banking sector. Asian Journal of Economics, Business and Accounting, 23(18), 22–35.

Ololade, B. M., Salawu, M. K., & Adekanmi, A. D. (2020). E-fraud in Nigerian banks: Why and how? Journal of Financial Risk Management, 9(3), 211–228.

Omotubora, A., & Basu, S. (2018). Regulation for e-payment systems: Analytical approaches beyond private ordering. Journal of African Law, 62(2), 281–313. https://doi.org/10.1017/S0021855318000104

Onunka, O., Alabi, A. M., Okafor, C. M., Obiki-Osafiele, A. N., Onunka, T., & Daraojimba, C. (2023). Cybersecurity in US and Nigeria banking and financial institutions: review and assessing risks and economic impacts. Advances in Management, 1(2), 54–62.

Paananen, H., Lapke, M., & Siponen, M. (2020). State of the art in information security policy development. Computers & Security, 88, Article e101608. https://doi.org/10.1016/j.cose.2019.101608

Rahman, N. A., & Choo, K. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45–69. https://doi.org/10.1016/j.cose.2014.11.006

Ros, G. (2020). The making of a cyber crash: A conceptual model for systemic risk in the financial sector. ESRB Occasional Paper Series.

Sharma, P., & Barua, S. (2023). From data breach to data shield: The crucial role of big data analytics in modern cybersecurity strategies. International Journal of Information and Cybersecurity, 7(9), 31–59.

Stafford, T., Deitz, G., & Li, Y. (2018). The role of internal audit and user training in information security policy compliance. Managerial Auditing Journal, 33(4), 410–424. https://doi.org/10.1108/MAJ-07-2017-1596

Tarhini, A., Mgbemena, C., Trab, M., & Masa’deh, R. (2015). User adoption of online banking in Nigeria: A qualitative study. Journal of Internet Banking and Commerce, 20(132), 1–24.

Thomaidis, A. (2022). Data breaches in hotel sector according to General Data Protection Regulation (EU 2016/679). In M. Valeri (Ed.), Tourism risk: Crisis and recovery management (pp. 129–140). Emerald Publishing Limited.

Umanhonlen, F. O., Otakefe, J. P., & Osikhenaogiedu, K. (2020). Combating economic and financial crimes in Nigeria: The role of the forensic accountant. Journal of Management and Science, 10(4), 12–28.

Vedral, B. (2021). The vulnerability of the financial system to a systemic cyberattack [Paper presentation]. Proceedings of the 13th International Conference on Cyber Conflict (CyCon). Tallinn, Estonia.

Victory, C. O., Promise, E., & Mike, C. N. (2022). Impact of cybersecurity on fraud prevention in Nigerian commercial banks. Jurnal Akuntansi, Keuangan, dan Manajemen, 4(1), 15–27.