A Survey of Implementation of Information Security Awareness Programs by Financial Institutions in Kenya

Abstract

The need for ICT in financial institutions is increasingly inevitable given that the number of transactions is high, customers are many and spread. In such cases manual methods of keeping track of customer payments and transactions become very difficult and inefficient causing the organizations to be susceptible to theft, frauds and errors. However with increased introduction of ICT financial institutions are exposed to many risks that can result in the possibility of financial loss or reputation risk. This has forced firms to undertake information security awareness programs to protect these critical systems, hence the need for the study, which had three objectives. The first objective was to determine the extent to which information system security awareness program are implemented by financial institutions in Kenya. The second was to determine the methods that financial institutions in Kenya use to propagate their information system security awareness programs. The third was to establish the challenges faced in the implementation of information system security awareness program in financial institutions in Kenya. Primary data was the main form of data used in this research and it was collected using questionnaires. Forty questionnaires were personally administered to the respondents and out of these thirty were collected. The questionnaires had both open and closed ended questions. The respondents were IT security managers and the assistants in financial institutions. The ''drop and pick later" method was used to administer the questionnaires. The data collected was subjected to descriptive and factor analysis. The findings of the of the study show that majority of the financial institutions in Kenya appreciate the need for information security awareness and have implemented the same. The findings further revealed that 100% of the organizations used New Hire Orientation and Acceptance use Policy methods in undertaking information system security awareness. The main challenges to implementing the awareness program in the firms were noted to be improper training venue and lack of security awareness skills by trainers across most organizations. The study shows that financial institutions have implemented information system security awareness covering employees within the sector as a continued counter measures to security threats. This is evidenced by the presence of information security team in most of the firms also shows their inclination to reduce risks. Financial institutions are governed by a written and formal information security policy which is continuously updated to keep abreast with i x technological changes. It was also evident that most financial institutions had budget for information system security awareness programs. It can therefore be concluded that information security awareness program have been implemented by financial institutions in Kenya using various methods covering all employees although faced with some challenges in its implementation.