The Reserve Bank of Zimbabwe has urged local banks to update their cyber risk management policies in the face of COVID-19. Ok, that’s a bit misleading. RBZ says since digital transactions are increasing during the pandemic banks have to bolster their security.
Accelerated digitisation by banking institutions in the wake of COVID-19 and the remote working arrangements have expanded the attack surface of banks’ information technology networks. Critical business functions are more exposed to opportunistic and targeted cyber-attacks by criminals and thus increasing consumer protection risks.
Cyber and anti-fraud controls are critical for banking institutions during and post COVID-19. Banking institutions are called upon to remain alert to such threats and activate appropriate risk management responses and to conduct ongoing consumer education campaigns.
RBZ has instructed banks to review their preparedness for cyber threats. Banks are then expected to submit updated Cyber risk policies before October ends.
In 2019, Mangudya made a similar declaration. At the time he demanded banks update their cybersecurity policies and start issuing out EMV cards. The deadline for that was 31 March 2019. It came, went and banks didn’t comply. In fact, over 12 months later banks are still issuing out cards deemed insecure by RBZ.
After speaking to people in the banking sector it became clear why banks didn’t comply. Issuing out EMV cards was too expensive for the banks. If anything the economic downturn might mean banks are actually in a worse off position.
Alternatively, maybe banks can pass on the cost to clients. Bank clients are already disillusioned by bank charges when transacting…