CBN Orders Banks to Complete Cybersecurity Self-Assessment Tool

Central Bank of Nigeria (CBN) directed all banks, fintechs, and financial institutions to complete a new Cybersecurity Self-Assessment Tool (CSAT) via a March 30 circular. Deposit money banks have three weeks (by April 20) to comply; other institutions like microfinance banks and payment service providers have five weeks (by May 4). Submissions must cover data as of December 31, 2025, be accurate and verifiable, and include supporting documents—false or misleading data will attract sanctions.

This proactive move addresses Nigeria's surging cyber threats: the banking sector faced 4,718 weekly attacks in 2024, and fraud losses jumped 603% year-on-year to ₦3.29 billion in Q1 2025. With instant payments reaching ₦284.99 trillion, the attack surface has widened across digital channels.

The CSAT deeply evaluates cybersecurity governance, risk management frameworks, third-party risks, incident response, and operational resilience. Insights will support risk-based supervision and enhance regulatory oversight.

Given the fraud spike, should CBN mandate public disclosure of CSAT results to empower customers, or is self-assessment sufficient for now?

SOURCE: https://techcabal.com/2026/04/01/cbn-gives-banks-21-days-to-grade-their-cyber-defences/