The Bank of Zambia has issued a cautionary statement on the growing scale of cyber threats facing the country’s financial sector, reflecting wider continental challenges in safeguarding digital financial ecosystems.
Speaking in Lusaka at the launch of the ninth annual banking industry survey by PwC Zambia, Governor Denny Kalyalya observed that malicious actors—including organised criminal networks and hacktivist groups—are increasingly exploiting technological vulnerabilities to compromise data, disrupt operations and erode public trust in financial institutions.
He explained that the attractiveness of the sector to cybercriminals has been heightened by the rapid expansion of financial services across Zambia, driven largely by mobile penetration and the rising demand for accessible, technology-enabled banking solutions. This growth, while accelerating financial inclusion, has simultaneously widened the attack surface for cyber and fraud risks.
Kalyalya underscored the risks created by the interconnectedness between banks, mobile operators and third-party service providers, which collectively form a complex ecosystem vulnerable to sophisticated digital threats. He stressed that safeguarding financial stability in such an environment requires collective responsibility, enhanced collaboration and robust governance frameworks.
In line with this priority, the central bank has introduced cyber and information risk management guidelines designed to strengthen institutions’ capacity to anticipate, withstand and recover from cyber incidents. These measures form part of the Bank of Zambia’s 2024–2027 Strategic Plan, which places emphasis on cyber resilience and fraud mitigation as integral to financial stability.
Across Africa, financial regulators are confronting similar challenges, with cyber incidents increasingly recognised as systemic risks. A 2023 African Union Commission report underscored that the expansion of mobile money and digital banking, while a catalyst for inclusion, also presents new vectors for financial crime and cyberattacks. The Zambian case reflects a regional pattern where regulatory authorities are moving beyond compliance to embed resilience as a strategic priority.
Analysts argue that addressing these risks requires a pan-African approach, where regulatory coordination, knowledge sharing and cross-border incident response mechanisms play a central role. As African economies deepen financial integration and cross-border digital trade, the capacity to anticipate and mitigate cyber threats will be decisive in shaping the credibility and inclusiveness of the continent’s financial systems.
The Bank of Zambia’s warning is therefore not solely a national concern but part of a wider continental imperative to ensure that the digital transformation of Africa’s financial sector is underpinned by trust, resilience and security.
