CBN Issues Three-Week Deadline for Banks to Complete Cybersecurity Self-Assessment
The Central Bank of Nigeria (CBN) has issued a directive requiring all deposit money banks operating within the country to complete a comprehensive cybersecurity self-assessment within a strict three-week timeframe. This mandate forms part of the apex bank's broader strategy to enhance resilience across Nigeria's financial system amid escalating digital threats.
New Cybersecurity Assessment Tool Introduced
In an official notice dated March 30, 2026, and published on its website, the CBN introduced the Cybersecurity Self-Assessment Tool (CSAT) to evaluate the cyber risk exposure of regulated entities. The assessment will examine multiple critical areas including governance structures, risk management frameworks, technology systems, third-party risks, incident response capabilities, and overall operational resilience.
The regulator emphasized that this initiative aligns with its statutory mandate under the Banks and Other Financial Institutions Act 2020 and demonstrates its commitment to strengthening cybersecurity standards throughout the financial sector. Other regulated institutions, including financial institutions and payment service providers, have been granted up to five weeks to comply with the directive.
Submission Requirements and Compliance Enforcement
All affected institutions must complete and submit their assessments through a dedicated portal, with login credentials to be provided to Chief Information Security Officers and relevant officials. Submissions must include all required documentation and accurately reflect each institution's cybersecurity posture as of December 31, 2025.
The CBN has issued a stern warning regarding the accuracy of information provided, stating that all data must be complete, accurate, and verifiable. False or misleading disclosures will be treated as regulatory breaches and could result in significant sanctions against offending institutions.
Verification Process and Regulatory Oversight
The apex bank has announced plans to conduct off-site reviews and supervisory engagements to verify the accuracy of all submissions. Insights generated from this comprehensive exercise will support risk-based supervision and strengthen regulatory oversight of cybersecurity threats within Nigeria's financial ecosystem.
This directive takes immediate effect and signals tighter regulatory scrutiny of cyber risks in the banking sector, particularly as digital transactions continue to grow and exposure to cyber threats increases across the industry.
Context of Rising Cyber Threats
The CBN's action comes against a backdrop of growing concerns about digital fraud within Nigeria's financial system. Industry stakeholders have repeatedly warned that inadequate cybersecurity frameworks could undermine customer trust and potentially slow the expansion of digital banking services throughout the country.
Victor Ologun, a marketing professional within the financial services sector, highlighted these concerns in comments to PUNCH, noting that insufficient cyber defenses continue to expose customers to escalating risks in the digital banking environment.
This cybersecurity assessment initiative represents a proactive measure by the CBN to address these vulnerabilities and strengthen the overall security posture of Nigeria's financial institutions as they navigate an increasingly digital landscape.
