An evaluation of the perceived effectiveness of proactive and reactive strategies in mitigating cyber crime against banks in Kenya

Abstract

The increase in reported losses from cybercrime in the banking industry as a result of the shift to e-banking underscores the importance of finding an effective strategy to mitigate cybercrime. This research set out to identify an effective solution to cybercrime in the banking industry by identifying a set of variables that if controlled will provide managers with a means to abate cybercrime. The objective was achieved by establishing the relationship between the frequency of cyber-attacks and the strategies employed by Kenyan banks to mitigate cybercrime. Questionnaires and interviews were administered to the managers of the IT and internal audit departments of the banks operating in Kenya as at December 2014. A Likert scale was used to capture the frequency of cyber-attacks from the managers and the strategies adopted to mitigate cybercrime. Simple and multiple regressions were then applied to the mean responses to establish the relationship between the frequency of cyber-attacks and the strategies employed. Findings indicate that all 14 previously identified cyber- attack methods were present with varying degrees of frequency. The research established that attacks by viruses, spamming, phishing, adware, worms, spyware and Trojans were experienced on a daily basis by some banks. The highest occurrence of ATM card fraud and, DOS was weekly while attacks by Vishing, SMSishing, botnets and hacking occurred most frequently on a monthly basis. Key loggers had the least frequency of occurrence with most of the banks not attacked. The study found all the banks in Kenya are at different stages of implementing both proactive and reactive strategies as measures against cybercrime. The responses indicated a partiality towards proactive strategies with less than 4% having not implemented any of the previously identified proactive strategies. Regression analyses established both strategies have a negative relationship with the frequency of cyber-attacks. Further, the paper determined reactive strategies to have a higher negative relationship to frequency of cyber-attacks than proactive strategies. The size of the bank was established to have a positive relationship to frequency of attack. This was achieved despite the effort curtailed by less than 100% response rate. The study provides a basis for future research into cybercrime in the banking industry especially on the effectiveness of strategies employed. Further, the research offers impetus for a study on threats from the insider and a view of cybercrime from the customer's perspective.