Staff Writer 
THE Reserve Bank of Zimbabwe (RBZ) is at the forefront of efforts to safeguard the financial services sector against the growing threat of cyberattacks and the rising “reliance” on third-party service providers.
This come as the global financial landscape continues to evolve and with increasing digitisation and financial innovation, cybersecurity has become a pressing concern for the country’s banking sector.
In a recent interview with The Financial Gazette, the RBZ deputy governor, Innocent Matshe, underscored the importance of treating cybersecurity as a distinct risk, separate from other operational challenges.
“The RBZ views cybersecurity as an emerging risk, distinct from other operational risks. This aligns with the increasing digitisation and financial innovation within the global financial sector,” he said.
Matshe stressed the urgent need for banking institutions to strengthen their resilience and ensure the continuity of critical services, even during significant operational disruptions.
To tackle these challenges, the RBZ has actively supported banks and payment systems providers (PSPs) in updating their risk management frameworks to incorporate robust cybersecurity measures.
In April 2021, the central bank issued a guideline through the National Payment System, directing banks and PSPs to adopt a risk-based approach to cybersecurity. This guideline is a crucial tool in enhancing the sector’s defences against cyber threats.
Matshe reaffirmed the RBZ’s ongoing commitment to ensuring compliance with these requirements.
“On an ongoing basis, the reserve bank ensures that banks comply with cybersecurity requirements,” he said.
“Going forward, the RBZ will review its cybersecurity frameworks to ensure they remain aligned with the sector’s needs and reflect developments in the cybersecurity threat landscape.”
Bankers Association of Zimbabwe (BAZ) president, Lawrence Nyazema, highlighted that cyber concerns are a global challenge, and are not limited to Zimbabwe.
“What we are doing as a banking sector is enhancing our security features at the institutional level, depending on the technology employed. All our members are working to improve their security capabilities,” said Nyazema.
“We are also raising awareness, not only among our members but across the entire banking sector, including customers and clients. It is essential for everyone to understand cybersecurity threats and how to address them. As a result, there has been a significant education and publicity campaign.”
As Zimbabwe embraces digitalisation, the Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz) is intensifying efforts to protect citizens’ data amidst the rising threat of cybercrime.
With the digital shift accelerating, cybersecurity has become a top priority and Potraz said it is proactively addressing these challenges, particularly in the informal sector.
Potraz director-general, Gift Machengete, reiterated the authority’s commitment to “finding ways and means” to enforce data protection regulations, even in the informal economy, a sector often overlooked in cybersecurity discussions.
Given that Zimbabwe’s informal sector forms a significant part of the economy, many citizens are vulnerable to data breaches and cyberattacks. Potraz’s stance reflects an understanding that robust data protection should extend to all citizens, irrespective of their employment status.
The authority’s proactive approach includes implementing the Cyber and Data Protection Act, enacted in 2021. This legislation categorises data controller licences based on the scale of data processing and mandates each controller to appoint a certified data protection officer. Additionally, compliance with data-sharing and cross-border transfer regulations is required.
Potraz board chairman, Takudzwa Zvobgo, acknowledged the ongoing nature of this work.
“This is still work in progress … there is a lot of ground to be covered,” he said.
The Act’s tiered licence fees, ranging from US$50 to US$2 500, are designed to support a budget enabling cybersecurity initiatives across Zimbabwe, including remote areas.
Potraz is also fostering collaboration across various sectors, recognising that cybersecurity is a collective responsibility. Over the past two decades, nearly 20 percent of reported cyber incidents have affected the global financial sector, resulting in direct losses of US$12 billion, according to the International Monetary Fund. Since 2020, direct losses have totalled approximately US$2,5 billion. newsdesk@fingaz.co.zw
