Login to profile

CREST delivers guide to fostering financial sector cyber resilience in developing countries

6 April 2023

A new Good Practice Guide from CREST, “Fostering Financial Sector Cyber Resilience in Developing Countries”, launches today as part of the global not-for-profit’s ongoing work in encouraging greater cyber readiness and resilience in emerging nations.

CREST, a global community of cyber security businesses and professionals working to keep information safe in a digital world, received a grant of US$1.4 million from the Bill & Melinda Gates Foundation in 2020 to help increase cyber security capacity and cyber resilience in Bangladesh, Ethiopia, Indonesia, Kenya, Nigeria, Pakistan, Tanzania and Uganda.

The latest Good Practice Guide describes the need for different kinds of testing, dependent on the cyber maturity of the nation, authority or organisation – as well as the local cyber security industry. It also describes international standards, and the varying levels of globally agreed cyber maturity. It concludes with advice for governing authorities, and details challenges they might expect.

Written by Wiebe Ruttenberg, Director of Strategy at cyber threat intelligence product and services company SecAlliance, the Guide suggests an urgent need for this appropriate testing to ensure better cyber safety for all.

Ruttenberg says: “Studies show cyber resilience of financial entities in developing countries is often relatively low, leaving them and their clients considerably exposed to cyber risks.”

“While authorities in developing countries have stepped up their efforts to improve financial sector cyber resilience, this guide describes how exercises like penetration testing can improve the cyber resilience of critical financial entities.”

“A regular testing programme also contributes to local market maturity in terms of cyber security services, benefiting other non-critical companies and society at large as well.”

CREST CEO Nick Benson says: “While we took considerable time and effort to study the cyber security capabilities at national and organisational level in a wide range of developing countries under the CMAGE project, this work cannot be viewed in a vacuum. Our latest Good Practice Guide goes some way to help governments and the private sector in developing countries achieve not only a stronger understanding of the cyber-attack landscape, but how to develop greater resilience against attack.”

As the Guide states: “Between 2017 and 2021 alone, the average rate of account ownership in developing economies increased by another 8 percentage points, from 63 percent of adults to 71 percent of adults, increasing the number of banked adults with many millions.”

Financial inclusion is a top priority among the international community since the G20 recognised it as one of the main pillars of the 2010 global development agenda. But for the less-privileged, theft of digital savings, malicious alteration of their data, or obstruction of the financial infrastructure affects them hardest, directly endangering their businesses, families and possibly even their lives.

The report is one of several produced by the not-for-profit organisation to help build capacity and consistency in the cyber security industry, aimed at helping governments and organisations develop a more sophisticated cyber security toolkit.

The free Guide is now available to download via the research and reports section of our website.


CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

For more information on CREST: www.crest-approved.org

For media enquires contact: Allie Andrews, [email protected]