An Investigation of the Effectiveness of Risk Management Strategies Implemented by Banks to Curb Cyber Risk. A Case of CBZ Bank

Abstract

Banks in Zimbabwe were greatly affected by cyber risk between 2015 and 2020. During this period, the trend had threatened much the viability and sustainability of financial institutions. Given this background, the study sought to ascertain the effectiveness of risk management strategies which were employed by these banks in curbing cyber risk and test the hypothesis that poor and inadequate technological infrastructure and internal control mechanisms, absence of legislation and bank-specific factors are the major drivers of cyber risk in Zimbabwe. A combination of causal, explorative and quantitative research designs was adopted for this study. The targeted selected population were seven (7) CBZ Bank Harare branches. Judgmental sampling method was used for selection of research respondents. Secondary data used in models was sourced from sources such as CBZ reports, journals, Reserve Bank of Zimbabwe (RBZ), internet and private websites. Primary data which was used to substantiate the model results was gathered using questionnaires. The failure by the government to enact cyber laws was exposed in this study as one of the contributory factors of cyber risk. Based on research findings, the study suggests that banks should put in place vibrant risk management strategies such as running automated vulnerability scanning tools against all networked devices at least weekly and remedy any vulnerability within an agreed time frame, police the network perimeter where banks should establish multi-layered boundary defences with firewalls and proxies deployed between the untrusted external network and the trusted internal network, user education and awareness as well as maintain the Board’s engagement with information risk. The Reserve Bank should embark on proactive supervision and monitoring of bank rather than reactive approach.