F1000Research (Mar 2024)
An overview of cybersecurity in Zimbabwe’s financial services sector [version 2; peer review: 2 approved, 1 approved with reservations]
Abstract
Background As nations, businesses, and individuals rely on the Internet for everyday use, so are cybercriminals manipulating systems to access information illegally and disrupting services for financial gain. The global cost of cybercrime eclipsed one trillion US Dollars in 2020, with Africa losing US $3.5 billion. Methods A quantitative research methodology was adopted to investigate factors affecting cybercrime in Zimbabwean financial institutions. The study focused on the technical aspects of cybersecurity. Data were collected from July 2022 to October 2022, targeting technology experts in the financial services sector. Participants were recruited from 13 institutions to rank cybersecurity constructs, frameworks, and challenges associated with cybersecurity. Data was collected using a questionnaire distributed to participants. Descriptive statistics were used to extract meanings from the responses that measure mean and standard deviation. Results Network and data security were the most highly ranked cybersecurity constructs, while physical security was the least. The top three barriers are increasing sophistication of threats, limited skills and emerging technologies, while lack of executive support was the least. The top frameworks used are the Information Technology Infrastructure Library (ITIL) and Control Objectives for Information and Related Technologies (COBIT), while a fifth is yet to adopt cybercrime frameworks. Conclusions The study proposes that financial institutions establish a cybersecurity culture to fight cybercrime, addressing cybersecurity barriers and following best practices. Financial institutions should invest in cybersecurity technologies, train security specialists, and employ a Chief Information Security Officer (CISO). The study’s small sample may affect the generalisability of the results. Financial institutions should implement strategies to raise awareness and collaborate with institutions to train cybersecurity security specialists to close the skills gap.