Developing And Assessing A Cyber-resilience Framework For Kenyan Banks.

Rampant cyber incidents targeting banks in Kenya call for interventions beyond existing cybersecurity principles. This quantitative study sought to collate multi-domain variables from previous works to develop a framework for measuring cyber-resilience in Kenyan banks, known as the Cyber-resilience Framework for Banks (CRF4Banks). The framework consists of eight key cyber-resilience constructs and their constituent variables, identified from empirical research and literature. Cyber-resilience has not received the attention it requires in Kenyan banks. Often conflated and confused with cybersecurity, cyber-resilience has not received as much attention as cybersecurity principles. Many reports on financial institutions in Kenya focus mainly on organisational and financial stability, assessed as part of the annual financial audit, and ignore the role played by cyber-resilience. Compounding this are the fragmented and competing cybersecurity assessments from a multitude of cybersecurity providers, which lack coherence. The financial sector in Kenya needs its own unified framework and common measurement indicators, built from best practices and curated for cyber-resilience. The research, through CRF4Banks, advocates an integrated approach towards measuring cyber-resilience. Three factors motivate this: first, banks share a cyberspace with everyone else, all of whom face unlimited and borderless vulnerabilities; second, these vulnerabilities have interlinked causative factors such as financial performance, organisation structure, ICT infrastructure, and human factors; and lastly, there is a public perception, driven by the media, that banks in Kenya have been hiding cyber-attacks for fear of reputational damage. Kenyan banks were used as the target population.