Cybersecurity Maturity Assessment Framework: The Case of Ethiopian Banks
Date
2024-10
Publisher
Addis Ababa University
Abstract
As the banking sector becomes a key player in globalized cyberspace with increasing reliance on digital services, it is prone to a wide range of emerging cybersecurity risks. Cybersecurity can only be achieved through a well-organized set of controls, yet existing cybersecurity maturity frameworks, while comprehensive and vague, fail to address the unique cybersecurity challenges faced by Ethiopian banks. The literature review found that no study has proposed a cybersecurity maturity assessment framework for the Ethiopian banking sector.
This study aims to propose a customized framework by reviewing multiple cybersecurity maturity assessment frameworks to identify their weaknesses and strengths. After a thorough assessment, we identified the major limitations of the existing frameworks: they are not easy to understand, are expensive to implement, require intensive and equipped human resources, and are not tailored to the banking sector to fix operational challenges. Moreover, to assess existing cybersecurity maturity frameworks in banks, data was collected from 9 selected governmental and private banks, and a thematic analysis approach was applied to the qualitative data collected. The findings reveal that none of the selected banks has a proper cybersecurity maturity assessment framework and that their adoption of international standards is improper.
To address the identified weaknesses, a customized cybersecurity maturity assessment framework is proposed to enable banks to identify their security posture and manage their security risks. The proposed framework comprises various components such as regulatory requirements, personal data protection, supply chain security, awareness and culture development, cyber governance, cyber risk management, business continuity and disaster recovery, incident response plan, information sharing, and collaboration, and incorporates international best practices like the General Data Protection Regulation (GDPR). To evaluate the framework, an expert review was conducted. The framework contributes to both academic literature and industry practice by providing a customized framework for banks to assess and improve their cybersecurity maturity.
Keywords
Cybersecurity, Cybersecurity Maturity, Cybersecurity Maturity Assessment Framework