The Governor of the Bank of Ghana, Dr Johnson Asiama, says cyber threats are no longer just isolated IT incidents but have become national security concerns, as the central bank introduces a new cybersecurity directive.

The Bank of Ghana (BoG) has introduced six strategic pillars forming the backbone of its revised Cyber and Information Security Directive (CISD 2026) to ensure a safer and more resilient digital financial sector.

At the launch, Dr Johnson Asiama said that the framework is not just regulatory guidance but a commitment to every individual or business who entrusts their financial data to the sector.

“A Safer and More Resilient Digital Financial Industry,” he said, “is the central pillar of our regulatory philosophy.”

The CISD 2026 focuses on robust governance, clear accountability and proactive defence, with key innovations designed to future-proof the financial ecosystem.

“However, this progress has also invited sophisticated and persistent information security risks. From ransomware attacks that can paralyse a bank for days, to systemic data breaches that can shatter public trust in an instant, the threats we face are no longer just isolated IT incidents; they are national security concerns.”

“The Bank of Ghana recognised this shift years ago. The first Directive, issued in 2018, laid the groundwork. But we must be honest: a framework designed for the challenges of 2018 cannot adequately solve the problems of 2026. The threat landscape has changed, and so must we. We have moved beyond simple compliance toward a posture of active and collective cyber resilience,” Dr Asiama said.

The directive is built around the following six key pillars designed to future-proof the financial sector against cyber threats:

AI and Machine Learning Governance – Ensuring transparency, fairness, and security as financial institutions increasingly adopt AI for fraud detection, credit scoring, and customer service.

Cloud Computing Security – Promoting the responsible and risk-based adoption of cloud technologies while maintaining data sovereignty for sensitive financial information.

Proportionality Framework – Tailoring cybersecurity requirements to the size and risk profile of institutions, preventing undue burden on smaller banks and fintechs.

Board-Level Accountability – Mandating at least one board member with verified cyber risk expertise, embedding security considerations at the highest strategic level.

Inclusive Oversight -Expanding coverage beyond universal banks to include micro-finance institutions, savings and loans companies, fintechs, and partner regulators, creating a unified defence across the sector.

Proactive Defence and Preparedness- Strengthening systems to anticipate, prevent, and respond to evolving cyber threats.

“Building and maintaining a world-class defence capability like the FICSOC requires significant investment in infrastructure, advanced technology, and, most importantly, highly skilled personnel. As the Sectoral CERT, the Bank of Ghana has borne the initial cost of this critical national infrastructure to get it off the ground,” the Governor added.