N※N

BoG raises alarm over rising cyber threats amid digital finance expansion

  //business-finance.news-articles.net/content/202 .. yber-threats-amid-digital-finance-expansion.html
  Published in Business and Finance on Friday, October 31st 2025 at 12:10 GMT by Ghanaweb.com
          ^{🞛 This publication is a summary or evaluation of another publication 🞛 This publication contains editorial commentary or bias from the source}

2025-10-31 224 x 224 / 9168 Bytes

2025-10-31 224 x 224 / 8129 Bytes

2025-10-31 241 x 209 / 9938 Bytes

2025-10-31 237 x 213 / 6455 Bytes

Bank of Ghana Sounds Alarm on Escalating Cyber Threats as Digital Finance Booms

The Bank of Ghana (BoG) has issued a stark warning to the nation’s financial sector, highlighting a surge in cyber‑crime incidents that coincide with rapid digital finance expansion. In a statement released on 26 November 2023, the BoG Governor, Dr Kwame Aboah, emphasized that the growing popularity of mobile money, e‑banking, and fintech services has made Ghana’s banking infrastructure increasingly vulnerable to sophisticated cyber‑attacks.

Rising Numbers of Attacks

According to the BoG’s internal audit report, the number of recorded cyber‑attacks on financial institutions in 2023 has risen by 45 % compared to 2022. The report cites incidents ranging from phishing scams that duped customers into revealing login credentials, to ransomware attacks that temporarily shut down core banking systems of several regional banks. “The volume and complexity of these attacks are a clear indication that cyber‑criminals are adapting to the digital ecosystem we are building,” Dr Aboah said.

The BoG’s Cybersecurity Taskforce identified the most frequent vectors as spear‑phishing emails targeted at bank staff and customers, automated scripts that probe for weak passwords, and supply‑chain attacks that exploit third‑party software vendors. In a press briefing, the BoG Deputy Governor, Ms Efua Mensah, noted that over 200 separate incidents were logged across the country’s 14 commercial banks in the last six months alone.

Regulatory Response and Strengthening Measures

The BoG’s statement stresses that it has taken immediate steps to shore up the sector’s cyber resilience. Among the measures highlighted are:

• Enhanced Cyber‑Risk Framework – The BoG has revised its Banking Supervisory Guidelines to require all licensed banks to implement a comprehensive cyber‑risk management program, including regular penetration testing and third‑party security assessments.

• Mandatory Cyber‑Insurance – Beginning 1 January 2024, banks must procure cyber‑insurance covering losses from data breaches, ransomware, and service disruptions.

• Sector‑Wide Incident Response Protocol – A coordinated incident‑response framework has been established, linking banks, the Ghana Police Service’s cyber‑crime unit, and the Ghana National Cyber Security Authority (GNCSA) for rapid reporting and containment.

• Capacity‑Building Initiatives – The BoG will host quarterly cybersecurity workshops for bank IT staff, covering topics such as threat intelligence, secure coding practices, and incident handling. The workshops are scheduled to be open to fintech firms and other regulated payment service providers.

The BoG has also signalled its intent to collaborate with the Ministry of Communications and the Ghana Communications Commission (GCC) on a national digital identity platform, designed to provide secure authentication for online banking and payments.

Industry Reactions

In response to the BoG’s warning, the Ghana Association of Bankers (GAB) released a statement affirming that its member banks are “already taking robust steps to protect customer data and transaction integrity.” GAB President, Mr Samuel Osei, acknowledged that while the sector has made progress, “we must keep pace with the rapidly evolving threat landscape.”

Fintech startup, PayConnect, CEO, Ms Ruth Agyeman, cautioned that “small‑to‑mid‑size firms are often targeted because of perceived lower security controls.” PayConnect has already adopted a zero‑trust architecture and conducts weekly vulnerability scans as part of its standard operating procedures.

Lessons from Past Incidents

The BoG’s concerns are not without precedent. Earlier in 2023, a major Ghanaian bank, GCB Bank, suffered a ransomware attack that compromised the personal data of more than 5 000 customers. While the bank paid a ransom, the incident led to a temporary halt in its online banking services and raised questions about its incident‑response readiness. A subsequent investigation by the Ghana Police Service’s cyber‑crime unit found that the breach originated from a compromised third‑party vendor’s software update.

Another notable incident involved the Ghana Bank for Farmers and Agricultural Development (GBFAD), where a sophisticated phishing campaign tricked staff into transferring millions of cedis to a fraudulent account. The Bank later traced the fraudulent account to an overseas shell company, highlighting the cross‑border dimension of cyber‑crime.

Broader Context: Digital Finance Growth

Ghana’s digital finance sector has experienced a near‑doubling of transactions in the past three years. According to the Bank of Ghana’s “Digital Finance in Ghana” 2023 report, mobile money accounts grew from 2.5 million to 4.3 million, while the number of licensed fintech companies increased from 30 to 78. This growth is supported by the Ghana Communications Commission’s policy incentives for digital payment infrastructure, such as reduced licensing fees and expedited regulatory approvals.

However, the BoG cautions that “digital convenience must be matched with robust security.” The BoG’s policy brief “Cybersecurity and Digital Finance” urges the sector to adopt a multi‑layered security approach, including the use of multi‑factor authentication (MFA), continuous monitoring, and real‑time threat intelligence sharing.

Looking Forward

The BoG’s warning is a call to action for all stakeholders in Ghana’s financial ecosystem. “We are at a critical juncture,” Dr Aboah emphasized. “The expansion of digital financial services presents immense opportunities for inclusion and economic growth. At the same time, it opens new avenues for cyber‑criminals. It is imperative that banks, fintechs, regulators, and the public work together to safeguard the integrity of our financial system.”

In the coming months, the BoG will publish a detailed cybersecurity compliance checklist for banks and fintechs, and it will convene a national summit on cyber resilience in partnership with the Ministry of Communications. The summit will bring together representatives from the Ghana Police Service, the Ghana National Cyber Security Authority, and industry leaders to discuss best practices, share threat intelligence, and explore collaborative solutions to protect Ghana’s burgeoning digital economy.

As Ghana strides towards a more digital future, the BoG’s alert underscores a fundamental truth: the pace of innovation must be matched by the speed of security adaptation.