Factors hindering integration of physical access control and cyber security in the Banking sector in Kenya.

Abstract

Over the last few years, many industrial control systems, including security solutions, have adopted digital technology. Components of these systems, which were physically separated are now linked together over network, making them remotely accessible and thus open to cyber threats. As part of the technological transformation made globally, physical access control and cyber security have been integrated so as to mitigate the risk of the existing cyber threats. However, in the Kenyan banking sector, financial institutions are reluctant to adopt the integrated security model despite its renown benefits. This research focused on determining the factors that hinder integration of physical access control and cyber security in the Kenyan banking sector. A descriptive research design was used in the study with the questionnaire being used as the primary data collection tool. The study targeted employees who work in both the physical access control and cyber security units in the 43 banks in Kenya. Data analysis was done using descriptive and inferential statistics. The study established that banks’ attitude towards integration of the two security functions is determined by the banks’ commitment to security reforms, the ability of the integrated approach to resolve existing vulnerabilities and also reduce the firms’ risk exposure. In addition, the managements’ willingness to reorganize the current security model and the reduction of operational costs also determine the banks’ attitude towards the integrated security model. The study established that the banks’ intention to integrate their security functions is determined by: the need for detective controls, the need to enhance coordination of security functions, the urge to improve accountability during security breaches, the need to improve internal monitoring by detecting security breaches before they occur and the need to prevent insider fraud by gagging any fraud loopholes. The study identified internal and external sources of pressure that would push the financial institutions to integrate physical access control and cyber security. The sources identified include: persistent security threats, the need for efficiency in security procedures, incorrect response during security breaches, legal requirements, industry regulations, integration motivated by competitors and continued global changes. Factors identified as hindrances to the integration of the physical access control and cyber security units in financial institutions include: absence of organizations which financial institutions can benchmark with, absence of industrial regulations that support integration of the security units, unknown cost implications, organizational culture and lack of road map that would guide the integration process. The findings of the study were then used to develop a conceptual framework that is recommended as a guide for all financial institutions that wish to integrate their security functions.