Information Security Management Practices And Risk Exposures Among Commercial Banks In Kenya

Abstract

This research is about implemented information security management practices and information security risk exposures in Commercial Banks in Kenya. The research was motivated by the need to determine the extent of implementation of the information security management practices, the risk exposures as a result of not implementing the management practices and the relationship between the information security management practices and risk exposures. Commercial Banks in Kenya are facing stiff competition from FinTech companies in provision of financial services to customers and this competition has forced them to adopt technology to improve the effectiveness and efficiency of their operations, increase the customer touch points and provide services conveniently. With the huge adoption of technology to meet this needs, the organizations have in turn become more vulnerable to cyber security threats. This research therefore tries to establish to what extent commercial banks have implemented the security management practices to counter these threats. A descriptive survey targeting Information Security Managers, IT Risk Managers, IT Managers, and IT Auditors was carried out in all the 41 commercial banks in Kenya. Of the 41 respondents, 34 respondents returned fully completed survey questionnaire translating to a response rate of 82.92 percent. The survey was done using a questionnaire and descriptive statistics was used for data analysis. The study found that most organizations have implemented the information security management practices to a great extent and are exposed to information security risks to a little extent.