Cyber security threats and mitigation strategies on the performance of the financial sector, a case of stanbic bank- Uganda

Abstract

This research examines how cyber security threats and the efficacy of mitigating measures have an effect on the financial performance of commercial banks, particularly Stanbic Bank Uganda. Amidst the digitalized financial world, banks have increased exposure to cyber threats, which significantly threaten their operational integrity, customer confidence, and financial viability. The study aims to analyze the effect of preventive, detective, and corrective cyber security measures on meaningful financial performance indicators like revenue, operating profit, and expenses. Mixed-method research design was employed, combining quantitative data collected by ordered questionnaires from bank employees and management and qualitative data collected by semi-structured interviews among customers. A sample of 100 respondents from the selected commercial banks like Stanbic Bank was attained through Slovin's formula and picked using stratified and purposive sampling techniques. Descriptive and inferential statistics with the aid of SPSS were used to analyze quantitative data and thematic analysis was used for qualitative data. The research concluded that cyber threats such as phishing, malware, and system intrusions affect financial performance negatively unless met with strong action. Banks that had strong preventive controls (e.g., firewalls, multi-factor authentication), detective mechanisms (e.g., intrusion detection systems), and corrective controls (e.g., incident response planning and data recovery procedures) showed improved financial performance. Greater customer confidence, fewer operational losses, and lower costs for incidents were also observed in institutions with good cyber security policies. The study proposes that commercial banks in Uganda, and particularly Stanbic Bank, prioritize integrated cyber security strategies alongside their financial ends. Routine audits, staff training, the purchasing of advanced security equipment, and compliance with regulatory demands are essential to mitigate risks and enhance institutional resilience. The study also calls for policy regulation as well as sustained capacity building geared towards addressing evolving cyber threats in the financial sector.