Why SASRA Has Warned SACCOs Against Cyber Attacks During Easter Holiday
The Sacco Societies Regulatory Authority (SASRA) has issued a stern warning to all regulated Savings and Credit Cooperative Organisations (SACCOS) across the country, urging them to heighten cybersecurity vigilance during the Easter holiday period.
The warning, delivered through an official notice dated Thursday, April 17, comes amid rising concerns over increased cyber threats targeting financial institutions during extended public holidays. SASRA’s Chief Executive Officer, Mr. Peter Njuguna, revealed that intelligence reports and surveillance data have consistently indicated a worrying trend: the majority of cyber breaches within SACCOs occur during long-weekend holidays, with a concentration of activity in the final 12 hours leading up to the holiday.
According to Mr. Njuguna, this pattern suggests that cybercriminals deliberately exploit periods of reduced staff presence and relaxed monitoring to launch targeted attacks on vulnerable systems.
Holiday Periods Pose Elevated Risk
Long holidays, such as Easter, often see financial institutions operating with minimal staffing, especially in ICT and operations departments. This lull creates a window of opportunity for malicious actors to infiltrate systems and execute breaches with minimal detection.
SASRA is therefore urging all SACCOs to proactively strengthen their cybersecurity protocols. The regulator emphasized the need for constant monitoring of digital financial platforms, core banking systems, and associated ICT infrastructure. SACCOs have been reminded that the risks are not hypothetical, but real and recurring.
“In this regard, regulated SACCOs are reminded that during long weekends such as the Easter holidays, they are required to heighten, intensify, and strengthen their cybersecurity monitoring and surveillance,” said Mr. Njuguna in the notice.
Digital Platforms Most at Risk
The regulator has particularly flagged SACCOs that utilize mobile money platforms, internet banking services, and other electronic systems that offer real-time access to member accounts as being highly susceptible to cyber threats. The report also raised concerns about float accounts used for mobile money transactions—often managed through third-party service providers—citing these as critical weak points in the financial ecosystem.
SACCOs relying on external vendors to process transactions or manage digital platforms must ensure that their partners also uphold the highest cybersecurity standards. Failure to do so could expose the entire cooperative to breaches that may result in data loss, financial theft, or operational paralysis.
Internal Threats Cannot Be Ignored
In addition to external cyber threats, SASRA has cautioned against insider threats. Mr. Njuguna underscored the importance of SACCOs instituting round-the-clock internal control measures that can detect and prevent instances of employee collusion with third parties.
“Regulated SACCOs and their third-party system vendors must implement robust internal controls, ensuring there is no room for collusion between internal staff and malicious external actors,” he stated.
Cybercrime and Governance Challenges
Cybersecurity breaches are not isolated events but symptoms of deeper challenges within the cooperative movement. Persistent cybercrime and poor governance have been repeatedly cited as major obstacles to the growth, efficiency, and credibility of SACCOs in Kenya.
Many SACCOs lack the technical capacity, training, and governance frameworks necessary to implement resilient cybersecurity measures. In particular, the limited cybersecurity knowledge among SACCO board members and senior managers has left several institutions exposed to sophisticated digital attacks.
Over the past few years, multiple regulated SACCOs have reported serious cyber incidents. These breaches have, in some cases, led to the loss of members’ savings, unauthorized data access, and service disruption—undermining the confidence of members and the public at large.
Call to Action: Vigilance and Preparedness
SASRA’s warning is not merely precautionary—it is a call to action. SACCOs are expected to not only review their cybersecurity frameworks but also deploy real-time monitoring systems, train relevant personnel, and ensure that business continuity plans are in place ahead of the Easter break.
The Authority continues to monitor the sector closely and remains committed to safeguarding the integrity of the cooperative financial system. As digital financial services expand, so too must the efforts to shield them from ever-evolving cyber threats.
With the Easter holiday fast on, SACCOs must rise to the challenge and fortify their digital frontlines—not only to comply with regulatory expectations but to protect the trust and financial well-being of their members.
In Other News: Kawira Mwangaza Turns to Content Creation Weeks after Impeachment
Why SASRA Has Warned SACCOs Against Cyber Attacks During Easter Holiday
