The Central Bank of Nigeria (CBN) has introduced a mandatory Cybersecurity Self-Assessment Tool (CSAT) for all regulated financial institutions in a bid to bolster the resilience of Nigeria’s banking sector against rising cyber threats.

This initiative is part of the CBN’s statutory responsibilities under the Banks and Other Financial Institutions Act (BOFIA) 2020.

The CSAT will serve as a critical supervisory instrument to assess the cybersecurity frameworks of banks and other financial entities. Specifically, it focuses on risk management practices, incident response strategies, and controls related to third-party technologies.

According to the statement, the CSAT is designed as a supervisory instrument to provide the CBN with “comprehensive information on the cybersecurity posture of regulated institutions.”

It covers key areas including cybersecurity governance, risk management practices, technology and third-party risk controls, incident response capabilities, and overall operational resilience. Insights derived from the CSAT will support risk-based supervision and enhance regulatory oversight of cybersecurity risks across the financial system.

All referenced institutions are required to complete and submit the CSAT through a dedicated submission portal. Access credentials and detailed guidance will be communicated to their Chief Information Security Officers and other relevant officials.

The move comes as financial institutions continue to tackle cybersecurity threats. Recently, First City Monument Bank (FCMB) successfully blocked an attempt by suspected cyber criminals to steal N2.4 billion, after discovering the fraudulent activity in December 2025. The bank was targeted in a large-scale cyber fraud operation that initially aimed to steal more than N3 billion. Despite the preventive measures, N677 million was reportedly transferred to the fraudsters before the bank’s systems detected and blocked further access.