Saccos unprepared for data protection law, says latest Serianu Cyber Security Report
A new report by cyber security consulting firm Serianu states that most Saccos in Kenya are struggling to comply with the requirements of the data protection act and manage the information they obtain from members and customers.
For the third year running, Serianu released the annual Sacco Technology Report following an extensive survey among sacco leaders and managers across the country. Other findings of the report include low technology vendor security levels, increased mobile attacks on sacco mobile transaction infrastructure and the need to embrace remote working practices in wake of the Covid 19 pandemic.
Serianu Chief Operating Officer Joseph Mathenge explained that while more saccos had embraced digital technology to transform their operations, there was a high level of unpreparedness to implement the data protection law for their members and customers. “Our research indicates that Saccos are increasingly investing more resources in technology and security but most are still unprepared for the Data protection law”, said Mathenge.
This, he said, expose them to the risk of being fined penalties of up to kshs 5 million each for non-compliance.
Mathenge added that saccos were lagging behind the security of the systems even as they ramped up investments in technology and digitization. “This lack of security exposes them to risks of losing at least Kshs 10 million per transaction”, he noted.
In delivering the keynote speech during the official launch of the report in Nairobi, Dr. Catherine Ngahu, Executive Chairman of the SBO Research called for Kenyan saccos to embrace radical initiatives including sharing technology infrastructure instead of each sacco investing in its own, merging to achieve larger economies of scale and implementing better member engagement programs. These steps, she explained, have the potential to double the current national sacco membership which currently stands at about 3.5 million people to 7 million members, effectively giving the sector an additional Kshs 200 billion in assets.
Kenyan saccos, she explained, have reached a point where they need to rethink their operating models for them to survive and grow. Despite embracing technology at a faster pace over the last two years, the saccos must establish new ways of being attractive. “Savings and dividends are not the only determinants for attracting and retaining members,” she noted.
Dr. Ngahu added that Kenyan saccos are sagging under the weight of negative perception, especially by the youth who view them as serving older people. “It is a major indictment on saccos and points to an urgent need to rebrand and reposition saccos so that they connect with young people’s aspirations and what I would call experience journeys, including the theme of today’s conference, technology. After all, this generation will going forward only become more dependent on technology”, she said.
Dr. Ngahu challenged the sacco leaders to become more innovative with their offerings, pointing out that the rise of the ‘gig economy’ where professionals offer their services more as consultants than employees and are unbound to geographical boundaries, speaks to a whole new world of potential sacco members. As a result, saccos need to innovate around guarantee-based lending to address ‘gig workers’ who may not know each other well as a result of remote working.
Saccos will also have to meet the potential members at the convenience level they seek with payments. “Payments is also about facilitating settlement of bills and purchases, akin to the way banks are doing. With the rise of FOSAs the next edge will be in payment methods that occur at a single point. For these young people, referred to as the “any-age, anywhere generation”, they want to buy things online at their own time and delivered to their premises,” said Dr. Ngahu.
As the Corona virus continues to disrupt normal business, Dr. Ngahu posited that the time is ripe for saccos to integrate remote working into their operations, an exercise that reemphasizes the need for heightened cyber security vigilance.