First Deputy Governor of the Bank of Ghana (BoG), Dr. Maxwell Opoku-Afari, has said that the Government of Ghana recognizes the threat cyberattacks and cybercrimes pose to critical information infrastructure as well as the damage they can cause to the trust and confidence in the financial system.
As a result, he said, the Government responded swiftly through regulatory measures such as the Data Protection Act, 2012 (Act 843) and the Cybersecurity Act, 2020 (Act 1038), as well as supporting directives and other related legislation to enforce provisions of the law across all sectors of the economy.
The Data Protection Act, 2012 (Act 843) recognizes a person’s right to protect and safeguard their personal data and the Act sets out eight (8) basic principles for those institutions that control data to implement measures to protect the rights of data subjects and safeguard their personal information.
“At the same time, the new Cybersecurity Act, 2020 (Act 1038) makes provision for the protection of Critical Information Infrastructures in the country including the information under the control of the financial sector which is identified as a prime sector.
Section 44 of the Cybersecurity Act, 2020 (Act 1038) further provides the legal basis for BoG to lead the Sectoral Computer Emergency Response Team (CERT) for the financial sector, and I must say that as far as this is concerned work has already started to ensure the deployment of a security setup that provides real-time visibility into cyber threats and attacks targeting the financial sector,” he said during the official launch of the National Cyber Security Awareness Month on Friday, October 1.
He added: “Given the increasing spate of cyber-attacks on the financial sector worldwide, which has become more frequent with sophistication in recent times, and given the fact that our financial sector has also had its fair share of these attacks, the Bank of Ghana, as far back as October 2018 took actionable steps to issue the Cyber and Information Security Directive in a bid to enhance and protect the security of this critical sector of our economy.
“The Directive, at the time, was aimed at creating a secure environment within the cyberspace for the financial services industry and thus serve to generate adequate trust and confidence in Information Communication and Technology (ICT) systems.
Following the issuance of the Directive, the Bank of Ghana has introduced many initiatives to strengthen and secure the information security architecture of the banks, to ensure the systems at the banks are robust and resilient.
Mr. Chairman, permit me at this stage to list a few of the actions we have taken in this regard:
a. The Bank of Ghana has worked collaboratively with the commercial banks to meet the governance requirements of the Directive, that is, appointments of Board Committee on Cyber and Information Security with a clear Charter; assignment of Director of Cyber and Information Security (DCIS); and appointment of Chief Information Security Officers (CISOs).
b. Banks have been reporting their cyber and information security incidents to the Bank of Ghana on a monthly basis.
c. The Bank of Ghana continues to have periodic engagement with member banks to clarify aspects of the Directive.
d. The Bank of Ghana, through the Directive, has facilitated safer digital transformation with the adoption of cloud technologies.
e. So far, the Bank of Ghana has prepared banking sector Cyber and Information Security guidelines to protect consumers and create a safer environment for online and e-payments products.
Among others, the guidelines seek to create a secure environment for transactions within the cyberspace and guarantee trust and confidence in ICT systems; provide an assurance framework for the design of security policies in compliance with global security standards and best practices by way of cyber and information security assessments; and protect banks, customers and clients against the potentially devastating consequences of cyber-attacks.