The Central Bank of Kenya (CBK) has officially launched the Banking Sector Cybersecurity Operations Centre (BS-SOC), a strategic initiative aimed at enhancing the security of the country’s financial sector.

“The Central Bank of Kenya (CBK) announces the establishment of the Banking Sector Cybersecurity Operations Centre (BS-SOC),” read part of CBK’s press release dated September 22, 2025.

The BS-SOC forms a critical part of the implementation of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, and aligns with CBK’s Strategic Plan 2024-2027.

“The BS-SOC is a key component in the implementation of the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, and a strategic initiative under the Central Bank of Kenya (CBK) Strategic Plan 2024-2027.”

Strengthening cybersecurity services

Housed under CBK’s Cyber Fusion Unit, the BS-SOC is equipped to provide key services, including Cyber Threat Intelligence, Incident Response, Digital Forensics, and Cyber Investigations.

These services are designed to support banks and other financial institutions in identifying, responding to, and mitigating cybersecurity threats effectively. The establishment of the centre comes amid increasing regulatory compliance requirements and growing cyber risks in the financial sector.

“The BS-SOC is currently under CBK’s Cyber Fusion Unit, and is equipped to provide critical services such as Cyber Threat Intelligence, Incident Response, Digital Forensics, and Cyber Investigations.”

Regulatory harmonisation

Alongside the launch, CBK has commenced the process of aligning the Commercial Banks Cybersecurity Guidelines 2017 and the Payment Service Providers Cybersecurity Guidelines 2019 with the 2024 Computer Misuse and Cybercrime Regulations.

“CBK takes note of the prevailing regulatory compliance pressures and has commenced the process of aligning and harmonising the Commercial Banks Cybersecurity Guidelines 2017 and the Payment Service Providers Cybersecurity Guidelines 2019 with the provisions of the Computer Misuse and Cybercrimes (Critical Information Infrastructure and Cybersecurity) Regulations 2024.”

Until the harmonisation is complete, all regulated institutions are required to adhere to both sets of guidelines. Institutions must also report cybersecurity incidents to the BS-SOC within the timelines specified under the CMCA regulations, ensuring a coordinated response to potential threats.

CBK emphasised that the success of the BS-SOC depends on active collaboration with all stakeholders in the banking sector. The partnership is critical for enhancing sector-wide resilience and ensuring robust protection against sophisticated cyber threats.

By centralising incident response and threat intelligence, the BS-SOC aims to safeguard the country’s critical financial infrastructure while supporting institutions in maintaining compliance.

“Meanwhile, all regulated institutions must continue to comply with both sets of the requirements simultaneously and are mandated to report cybersecurity incidents to the BS-SOC within stipulated timelines under the CMCA Regulations.The successful implementation of this initiative requires the full collaboration and cooperation of all stakeholders.”

“This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors.”