Board of Directors of banks and financial institutions in the country have been advised to dedicate at least two of their board meetings to issues relating to cyber security.
In the wake of increasing cyber security threats across the globe the Director at the Information Security Office at the Bank of Ghana, Samuel Senyo Okine, urged the board of directors of financial institutions to make cyber security issues a priority in their board meetings.
“I am talking about board meetings on cyber security issues only. If we want to keep the environment safe then we need to think in this direction,” he stated.
Mr Okine was speaking at a breakfast meeting which was organized by the Ghana Association of Banks (GAB) in partnership with the CSA as part of events to mark National Cybersecurity Month.
The breakfast meeting was held under the theme ‘Ghana’s Cybersecurity Act, 2020: the Bank of Ghana Cyber and Information Security Directive; Its Implications and the Role of the Board of Directors’.
He also urged senior management members of financial institutions to establish an information risk strategy and must see to its implementation and maintenance.
He said they must also formulate the cyber security policies of their respective banks, review the adequacy of the policies at least once a year, and adequately resource the development of the cyber security framework and policies.
“So what we are saying is that after you put in place the policies, provide the funding and human resource to make them work.
‘To successful with cyber security, we need to understand that there are three things; you need the people who are doing the work you; need the technology to ensure you achieve your objectives and must ensure you have put in place the right processes,” he explained.
Speaking in an interview with the media on the sidelines of the breakfast meeting, the Chief Executive Officer of the Ghana Association of Banks, John Awuah, said although he would not prescribe that a certain number of meetings be dedicated to cyber security issues, it was necessary to spend a sufficient time on such issues.
“The number of board meetings mandated by law is a minimum of four meetings in a year, this means you can have more meetings than the four prescribed.
“It will be difficult to prescribe how many of those meetings should be dedicated to a certain subject matter, as it all depends on the know how around the table,” he stated.
He added that “maybe just one meeting or half session will be sufficient to deal with a particular subject matter if the people around the table have the right balance of skills so while I will not prescribe that two or three meetings, I think sufficient time should be dedicated to cyber security issues.”
Mr Awuah also noted that it would be appropriate for banks to have at least one cyber security expert on their boards.