Recently, I joined representatives from African central banks on a study visit to Ghana’s Financial Industry Command Security Operation Centre (FICSOC) in Accra. What we experienced was far more than just a cybersecurity facility—it was a powerful demonstration of how central banks can take proactive leadership in protecting trust, financial stability, and inclusion in the digital age.

Why Cybersecurity Matters for Financial Inclusion

Across Africa, and around the world, digital financial services are accelerating access for underserved groups—particularly women, youth, MSMEs, and rural communities. But these advances do not come without risks. Cyberattacks, scams, and data breaches quickly erode trust, especially for first-time users who are more vulnerable to digital risks, and less equipped to recover from financial loss.

This isn’t hypothetical. During the recent African Financial Inclusion Policy Initiative Leaders Roundtable, it was revealed that five African central banks have reported cyberattacks and data breaches. In some cases, these were contained in time. In others, the impact was significant, leading to business disruptions, operational downtime, and even loss of funds.

Cybersecurity affects all of us—everyday customers, financial service providers, and regulators alike. As digital finance expands, so must our collective efforts to protect it.

Ghana’s FICSOC: A National Cybersecurity Shield

Launched in May 2023, FICSOC is a centralized cybersecurity command center operated by the Bank of Ghana (BoG). It is one of very few sector-wide Security Operation Centres (SOCs) in Africa, providing real-time threat intelligence and system-wide monitoring across all 23 licensed banks and BoG itself. Its focus areas include:

• Real-time monitoring of network traffic and logs
• Incident response and vulnerability management
• Cyber threat awareness and education
• Ensuring situational awareness across the sector

It collects, analyzes, and shares actionable threat intelligence to help institutions stay one step ahead of cyber risks. And its impact is already apparent: since its launch, FICSOC has helped mitigate two zero-day threats and addressed multiple vulnerabilities across participating institutions.

Built for Resilience and Inclusive Reach

The infrastructure is robust. The primary site in Accra is backed by a hot site (an identical facility 150 km away) and a warm site (at half capacity).

Crucially, BoG is working to onboard mobile money operators and smaller institutions, ensuring that the very actors driving financial inclusion are also covered by this cybersecurity umbrella. That’s a critical step toward protecting low-income and digitally vulnerable populations, who are increasingly transacting online.

Governance, Legal Framework, and Industry Engagement

FICSOC is fully owned and operated by the Bank of Ghana, under the oversight of a board-level Cyber and Information Security Committee. It was established under Ghana’s Cyber & Information Security Directive, which requires all financial institutions to set up their own internal SOCs—creating a holistic and layered defense system.

Empowering the FICSOC is Ghana’s 2020 Cybersecurity Act, under which Bank of Ghana is designated as the Sectoral Computer Emergency Response Team lead for the entire Financial Industry, which includes insurance, pensions, securities and exchanges.

During our visit, it was encouraging to see how BoG is actively supporting industry players—guiding them on compliance, technology standards, and secure integration with FICSOC. This is not just about regulation: it’s about partnership and capacity building.

From Crisis Response to Strategic Resilience

Cybersecurity is no longer a back-office IT issue – it’s a strategic public good, especially in the context of inclusive finance. By proactively investing in FICSOC, Ghana is helping ensure that the growth of digital financial services remains safe, trusted, and sustainable.

Across Africa and beyond, central banks have woken up to the cybersecurity challenge, and are developing regulatory frameworks and tools. Through forums like AFI, we have the opportunity to learn from each other’s approaches, share best practices, and develop coordinated responses to growing digital threats.

As the Bank of Ghana’s 2nd Deputy Governor Mrs. Matilda Asante-Asiedu eloquently put it: “Isolation is vulnerability, collaboration is command.”