Cybersecurity Practices Among Foreign Banks In Ghana

ABSTRACT The main aim of the study was to investigate the level of awareness, practices and compliance level to the cyber-security directive of the central bank among the foreign banks operating in Ghana. A multistage sampling technique was used to arrive at the final respondents for the study. The study had a total of 46 respondents from 13 foreign owned banks in Ghana. All respondents indicated they knew there was a policy on cybersecurity. To verify the knowledge of the respondents to their organization’s cybersecurity policy, we sort to know the standards or framework adopted. Majority indicated that they had no idea of the standards their organization was using. Most respondents who were staff of foreign banks knew there was a cybersecurity policy and were aware of it. But a further probe showed they did not have much information on the policy. Knowledge regarding the standards and framework used was not readily known by most respondents. Internal Audits was the main means to detect cyber security threats followed by formal risk analysis and penetration test. Over half of respondents said they could remotely access the cyber system of the organization. But however, most devices apart from the organization’s computers were not allowed on the system. This improves security and prevents threats. To keep staff updated with cyber security issues and systems, routine training programs, seminars or conferences should be held. Both the bank and the central bank has to make it mandatory for every bank staff to undergo some level of cyber training. Drills and exercises in instances of cyber-attacks are an important step towards dealing with a cyber-attack. This would relatively improve the level of preparedness for a cyber threat. Cyber systems need to be audited internally and more frequently to expose loop holes or threats in the systems being used by the banks. This could also be augmented with external audits and risk analysis.