This chapter presents the background of the study, the problem statement, purpose, objectives of the study, research questions, study scope, justification of the study, significance, hypotheses, conceptual framework, as well as operational definition of key terms and concepts.

1.1 Background of the study

The section presents, historical background, theoretical, contextual background, conceptual background.

1.1.1 Historical Background

Cyber attacks have evolved with the computer industry, in the modern computer error it can be observed from the start of “creeper worm” which is the earliest form of computer virus and in March 26, 1999 Melisa virus which was mailing macro virus (Kraken, 2019).

The world is witnessing a lot of increase in cyber-attacks some orchestrated by governments like the Stuxnet computer virus designed by the United States reported to have destroyed almost one-fifth of Iran’s nuclear (Dziwisz, 2023).

Cyber-attacks have caused a lot of loses to countries and individuals in different measures according to IMF’s Global Financial Stability Report (Adelmann et al., 2020 ), In the past two decades, nearly one-fifth of reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms, and from 2020 to 20224 direct losses amounted to an estimated $2.5 billion (Egerson et al., 2024).

Cybersecurity is becoming more critical as the number of users, devices, and programs in the modern company grows, as does the amount of sensitive or confidential data. Rising numbers and skills of cyber attackers and attack methods exacerbate the problem. Cyber-security protects internet-connected gear, software, and data from cyber-attacks (Rademaker, 2016). Individuals and businesses use it to secure data centers & other digital systems. A good cyber-security plan can protect an enterprise or user’s systems and sensitive data from hostile attacks. Cyber-security protects against attacks that disable or impair systems or devices (Štitilis et al., 2016).

Cyber security protects devices and services from hackers, spammers, and cybercriminals (Hashim et al., 2016). Some cyber security components aim to strike first, but most specialists focus on safeguarding all assets, from PCs and cellphones to networks and databases, from attacks. In the media, cyber security refers to protecting against all forms of cybercrime, from identity theft to international digital weaponry. Although relevant, these designations fail to represent the true nature of cyber security for persons without a computer science degree or digital sector experience (Jaganathan et al., 2015).

1.1.2 Theoretical background

Diffusion of innovation theory

The Diffusion of Innovation (DOI) Theory, developed by Everett Rogers in 1962, explains how, why, and at what rate new ideas, technologies, or practices spread through a population or social system. The theory suggests that innovation is communicated through certain channels over time among the members of a social system. According to Rogers, the adoption of innovation follows a bell-shaped curve and is influenced by five categories of adopters; Innovators, the first individuals to adopt an innovation; they are risk-takers and often have access to financial resources and knowledge. Early Adopters, respected opinion leaders who adopt new ideas early but carefully; they help trigger broader acceptance. Early Majority; adopt innovations just before the average person; they are deliberate and cautious. Late Majority; skeptical and adopt only after the majority has tried it. Laggards; the last to adopt; they resist change and rely on traditional methods. The theory also outlines five characteristics of innovations that influence adoption; Relative advantage, Compatibility, Complexity, and Observability. The diffusion process involves knowledge, persuasion, decision, implementation, and confirmation stages. Understanding these dynamics helps organizations and policymakers design better strategies for promoting new technologies, practices, or products.

Using the Diffusion of Innovation (DOI) theory, the cyber security challenges in Uganda’s banking sector specifically in the case of Stanbic Bank Uganda can be understood through the lens of how new security technologies and practices are adopted across the organization. According to the theory, innovations such as advanced cyber security systems, multi-factor authentication, and staff cyber-awareness training diffuse at varying rates among adopters. In Uganda, the slow adoption of these cyber security innovations may be due to factors such as limited technical expertise, cost constraints, organizational resistance to change, or a lack of perceived urgency until after attacks occur. Early adopters of strong cyber-security measures may experience fewer breaches, while late adopters remain vulnerable to sophisticated attacks. Therefore, cyber-attacks on banks like Stanbic may be partly attributed to delays in adopting and fully integrating cyber-security innovations across all operational levels, highlighting the critical need for accelerated and institution-wide innovation diffusion to strengthen cyber resilience.

1.1.3 Conceptual background

Cyber-security refers to the practices, technologies, and processes designed to protect computer systems, networks, programs, and data from unauthorized access, attacks, or damage. In the context of the banking sector, cybersecurity encompasses measures taken to secure sensitive financial information, protect online banking systems, and prevent fraud or data breaches. Effective cyber security is essential for maintaining customer trust, regulatory compliance, and the overall integrity of the banking infrastructure (Onyshchenko et al., 2023).

Challenges in this context refer to the obstacles, difficulties, or vulnerabilities that hinder the effective implementation of cyber security in Uganda’s banking sector. These may include limited technical expertise, outdated security infrastructure, insufficient regulatory frameworks, lack of awareness, and increasing sophistication of cybercriminals. Identifying and understanding these challenges is critical to developing robust defense mechanisms and reducing the risk of cyber incidents.

Uganda’s banking sector comprises all financial institutions operating under regulatory oversight to provide services such as deposits, loans, and electronic banking to individuals and businesses. This includes commercial banks, microfinance institutions, and other financial service providers. The sector is undergoing rapid digital transformation, with increased use of mobile and internet banking, making it a prime target for cyber threats due to its high dependence on digital platforms.

An investigation in this context refers to a systematic inquiry or research process aimed at uncovering the root causes, nature, and contributing factors of cyber-attacks within Uganda’s banking sector. It involves gathering data, analyzing patterns, and interpreting findings to provide evidence-based conclusions. The investigation seeks to understand how and why cyber-attacks occur, who may be responsible, and what vulnerabilities are being exploited.

Causes of cyber-attacks are the underlying factors or conditions that lead to unauthorized attempts to access, disrupt, or damage banking systems and data. These causes can be both internal (e.g., insider threats, weak passwords, lack of employee training) and external (e.g., hackers, malware, phishing). Understanding these causes is essential for developing targeted cybersecurity strategies that prevent future attacks and minimize potential damage (Judijanto, Hindarto, & Wahjono, 2023).

Cyber-attacks are deliberate and malicious attempts to compromise the confidentiality, integrity, or availability of information systems. In the banking context, this includes activities such as data breaches, ransomware attacks, denial-of-service (DoS) attacks, and identity theft. Cyber-attacks can result in financial loss, reputational damage, legal penalties, and a loss of customer confidence, making their prevention and mitigation a top priority for financial institutions (Ahmed et al., 2023).

1.1.4 Contextual background

Cyber-attacks are currently one of the biggest challenges facing developing countries specifically Africa , though there has been a projected growth for African cyber security market , nations across the continent are losing billions each year due to the increased cyber attacks, collectively African countries loose 4 billion Us dollars annually due to cyber attacks with specific countries like; Nigeria, Kenya, south Africa and Egypt lose more than $3.5b per annum as a result of digital attacks, Like many developing nations, Uganda has witnessed rapid adoption of digital technologies in recent years. While this digital transformation brings numerous benefits, it exposes the country to new risks of cyber-attacks. Cybercriminals capitalize on weaknesses in cyber security infrastructure, exploiting individuals, businesses, and government entities for financial gains or other purposes and as of 2022 Uganda lost 19.2 billion to cybercriminals and in 2023, over 245 cases were reported to police countywide, bringing a 5 billion loss.

1.2 Problem statement

The banks globally face a multitude of loses as a result of cyber criminals the size of these losses has more than quadrupled since 2017 to $2.5 billion (Natalucci, Qureshi, & Suntheim, 2024). Africa and Uganda in particular are no exception, and as of 2022 Uganda lost UGX19.2 billion to cybercriminals and in 2023, over 245 cases were reported to police countywide, bringing a UGX 5 billion loss (Daily monitor, Friday, April 05, 2024), in the banking industry direct and indirect loses like reputational damage or security upgrades are substantially higher, it is against this background that this study intends to investigate into cyber security threats and mitigation strategies on performance of financial sector, acase study of Stanbic bank Uganda.

1.3 General Objective

The general objective of the study is to examine, cyber security challenges in Uganda’s banking sector: an investigation into the causes of cyber-attacks.

1.3 Objectives of the study

To examine the influence of external threats on the vulnerability of the banking sector
To investigate the influence of internal threats on the vulnerability of the banking sector

To determine the relationship between user technical awareness on vulnerability of the banking sector

1.4 Research Questions

What is the influence of external threats on the vulnerability of the banking sector?
What is the influence of internal threats on the vulnerability of the banking sector?

What is the relationship between user technical awareness on vulnerability of the banking sector?

1.5 Scope of the study

This section will include the content, time and geographical scope;

1.5.1 Content scope

The contents of the study will include; external threats on the vulnerability of the banking sector, internal threats on the vulnerability of the banking sector and user technical awareness on vulnerability of the banking sector.

1.5.2 Geographical scope

The study will investigate the banking sector specifically, stanbic bank.

1.5.3 Time scope

The study will be carried out for a period of one month.

1.5.3 Significance of the study

The study will provide information to the future scholars on the influence of external threats on the vulnerability of the banking sector.

The study will also provide information on the influence of internal threats on the vulnerability of the banking sector.

The study will provide information to the future managers on the relationship between user technical awareness on vulnerability of the banking sector

Conceptual Frame Work

Cybersecurity Challenges (I.V) Vulnerabilities in the banking sector (DV)

Mediating variables

Explanation

Cybersecurity challenges refer to the wide array of threats, risks, and system weaknesses that compromise the integrity, confidentiality, and availability of digital information. In the banking sector, these challenges are especially significant due to the sensitive nature of financial data and the increasing reliance on digital technologies. Common cyber security challenges include; External cyber threats; Hackers, Cyber criminals and foreign actors targeting. The study also includes; Internal cyber threats; Insider threats, Employee negligence while User technical awareness also includes; Training of employees and Knowledge on cyber-crimes. Vulnerabilities in the banking sector represent the weaknesses or gaps in the information systems, internal controls, or operational protocols that can be exploited by cyber threats. These vulnerabilities may include; out dated banking software, Old Hardware, Lack of encryption and Weak authentication protocols.

Mediating variables are the factors that explain the mechanism through which cyber security challenges lead to vulnerabilities in the banking sector. They help in understanding how or why one variable influences another. Key mediating variables in this relationship may include: Data protection laws, Poor cyber security regulation and Collaboration with law enforcement.

CHAPTER TWO

LITERATURE REVIEW

2.0 Introduction

This section will provide study discussion on objectives as explained by other scholars.

2.1 Theory of the study

The study used the following studies;

2.1 External threats in the banking sector

The rise on the use of information technology in banking industry has exposed the financial institutions to different levels of cyber attacks , this is because it has opened opened new methods of security breaches. Every advancement has brought new challenges into the financial landscape (Gulyas, & Kiss, 2023).

New technologies, such as cloud computing or mobile banking, have to face expansive attack attempts from different agents on many levels (Hasan, & Al-Ramadan, 2021). The attackers target vulnerabilities that can be exploited to steal customer data, this therefore indicates that it is important for banks to constantly adopt new security cyber strategies to ensure the security of their customers, their assets, and their data (Berdyugin, & Revenkov, P2019).

Since the introduction of Automatic teller cards (ATM) there are many online credit card frauds which are made when a customer use their credit card or debit card for any online payment , during this transactions normally hackers get information from the ATM cards and are able to manipulate the system and get the password of the client and misuse of it for online purchase for which the customers card used after the hackers have access to the clients’ card number and password, they impersonate the credit card owner when electronic transactions are not secured (Omotosho et al., 2023).

Cyber attacks like phishing attacks are a social engineering technique that cyber criminals employ to influence a customer of a financial institution to reveal personal information, such as an email address, username, password, or financial information after this information is then used by the attacker to the disadvantage of the victim (Alabdan, 2020).

2.2 Internal cyber threats on the vulnerability of the banking sector

Banking industry mainly in developing countries are prone to high risks orchestrated by use sometimes of outdated software that is vulnerable to hackers, therefore reducing the risk of these attacks requires organizations to be in position to update their organization softwire’s to one which is difficult to the hackers to compromise (Alzoubi et al., 2022). The hackers and other cyber criminals can exploit the gaps in the software which are not updated and to the standard and cause a substantial financial loss for example, Bangladesh’s central bank succumbed to SWIFT hackers in 2016 and lost US$81 million (Gladstone, 2016) and relatedl;y the many cyber attacks in the south Korean financial networks for several days in 2013 (Schwartz, 2013).

Use of out-dated computer hardware’s , which can be easily compromised , more to that these old hardware’s are not compatible with the new existing software’s that could have the ability to prevent hacking (Alhayani, Abbas, Khutar, & Mohammed, 2021), This can lead to errors, crashes, slowdowns, or even data loss, The integrity of information systems and data could be threatened due to errors and omissions, which is usually occurring during the capture of data (Morrison, Coventry, & Briggs, 2020).

Lack of a well comprehensive policies regarding online transactions by the bank, Cybersecurity risk occurs because banks and other financial institutions are often unable to ensure an appropriate set of tools, technologies, training, and best practices to protect networks, devices, programs, and data from unauthorized access, some of the activities like online payments banks need to have a good policy frame work on how it is supposed to be performed.

The use of software that have do not have strong verification capabilities exposes banks to cyber criminals , software which are vulnerable to viruses like a ransomware attack , this exposes the financial institution to cyber criminals for example in the USA in 2020, a DDoS attack on a network provider that forced the New Zealand Stock Exchange to shut down operations in 2020, and a data breach on the online stock trading platform Robinhood in 2021 where the personal information of 7 million customers was accessed by a cybercriminal.

2.3 User technical awareness on vulnerability of the banking sector

Sometimes employees in the organization with no technical skills may cause data breaches something that could expose the financial institution at risk of cyber-attacks , like for examples a former employee of wells and fargo on December 31, 2021, e-mailed files containing private information from Well’s Fargo’s servers, this kind of practice exposes the financial institution on to cyber criminals who after accessing a customer sensitive data are able to access their bank accounts (Ibrahimnur, 2023).

The data breaches in the financial industry are extremely high that even the health sector is far behind the findings from the Verizon’s data breach investigation report (DBIR) places the financial industry in the top five for the number of security incidents in 2021. Access to valuable data that can be used in fraud and other cyberattacks makes the financial industry a target for expensive and damaging data breaches (Sipayung, Yanti, & Setya, 2022 ).

Banks whether in developed or developing country are all under constant threat by ransomware infections, phishing schemes, and account takeover attacks. These threats can result in data breaches, interruption to operations, and costly remediation (Hassan et al., 2023).

Technical knowledge among employees is essential since in the modern error Knowledge has become one of the most highly valued commodities in the modern economy, the knowledge of employees in managing the sensitive information and also in using the computer systems very well are important in protecting the bank from cyber criminals (Oloko, 2024).

CHAPTER THREE

METHODOLOGY

3.0 Introduction

This section presents the research methods that will be used to carry out the study. It covers the research design, Area of study, target population, sample design, sample size, research instrument, measurement of variables, Data Collection Procedure, data analysis and anticipated problems of the study

3.1 Research Design

A case study design shall be adopted for this research. They provide an in depth study of a particular situation. The study also shall use qualitative and quantitative methodologies for data analysis. Quantitative and qualitative methodologies shall be used in examining cyber security challenges in Uganda’s banking sector: an investigation into the causes of cyber-attacks. Quantitative research consists of those studies in which the data concerned can be analyzed in terms of numbers while qualitative describes events, persons and so forth scientifically without the use of numerical data. Quantitative research is based more directly on its original plans and its results are more readily analysed and interpreted. Qualitative research is more open and responsive to its subject. (Christina Hughes, 2006)

3.2 Area of the Study

The study shall be carried out at stanbic bank it department

3.3 Target population

Sekaran (2003) defines a population as the entire group of people, events or things that a researcher wishes to investigate. The entity comprises of 30 employees.

3.4 Sample Size, Techniques and Selection

Mugenda and Mugenda (2003), argue that it is impossible to study the whole targeted population and therefore the researcher shall take a sample of the population. A sample is a subset of the population that comprises members selected from the population. Using Krejcie and Morgan’s (1970) table for sample size determination approach, a sample size of 30 employees Will be selected from the total population of 36 employees.

3.5 Research Instrument

Questionnaires shall be used to obtain the necessary primary data to answer the research questions and achieving the research objectives. The questionnaire shall be designed in a manner that motivates respondents with simple structured questions with the option of providing any addition information to the structured questionnaire as an option to obtain relevant data from them. Secondary data shall be obtained through reading and reviewing existing records of related information to cyber security challenges in Uganda’s banking sector: an investigation into the causes of cyber-attacks, reports, published articles, journals and publications. Validity and reliability tests shall be carried out to ensure accuracy and usability of the instrument.

3.6 Measurement of Variables

A five point Likert ordinal scales ranging from; strongly agree which shall be assigned 5, strongly Agree, 4 agree, Not Sure assigned 3, Disagree allocated 2 and strongly disagree allotted 1 to obtain responses on the variables. The Likert ordinal scale has been used by numerous scholars who have conducted similar studies such as Bowling, (1997).

3.7 Validity and Reliability

The data a collection tools shall be pre-tested on a smaller number of respondents from each category of the population to ensure that the questions are accurate clear and in line with each objective of the study.

3.7.1 Validity

It is the degree to which results obtained from the analysis of the data actually represents the phenomenon understudy, (Mugenda & Mugenda, 2003). To ensure validity of instrument close guidance of the supervisor will have adopted. This will help to identify ambiguous questions in the interval and be able to re-align them to the objectives.

3.7.2 Reliability

Reliability tests and analysis shall be carried out.

3.8 Data Collection Procedure

The researcher shall obtain an introductory letter from Victoria university enable easy access to information by the researcher from stanbic bank. The procedure of data collection shall be based on the research objectives and questions. A review of related literature shall also be done. A questionnaire shall be pre-tested and review of the questions may be done if necessary, to ensure reliability and suitability.

3.9 Data Sources

Source of data will be from both primary and secondary sources.

3.9.1 Primary Data

Primary data shall be obtained from well-designed questionnaires structured to obtain relevant data and to gain opinions and practices on cyber security challenges in Uganda’s banking sector: an investigation into the causes of cyber-attacks.

3.9.2 Secondary Data

Secondary data is data which has been collected by individuals or agencies for purposes other than those of a particular research study. It is data developed for some purpose other than for helping to solve the research problem at hand (Bell, 1997). Secondary data shall be obtained from reports, published articles, and journals.

3.10 Data Process and Analysis

Data analysis shall involve the use of both quantitative and qualitative techniques.

Data processing shall be done by entering the data into a statistics package for social sciences (SPSS) in line with the research questions. Data analysis shall be done by also using this statistics package for social sciences (SPSS) to formulate frequency tables where the mean, variance and standard deviation will be obtained.

3.11 Limitations

The researcher anticipates lack of adequate resources for some of the research activities. In addition, the information required in the study is likely to be hard to be extracted from the respondents as it may be viewed as confidential.

REFERENCES

Adelmann, F., Ergen, I., Gaidosch, T., Jenkinson, N., Khiaonarong, M. T., Morozova, A., … & Wilson, C. (2020). Cyber risk and financial stability: It’sa small world after all. International Monetary Fund.

Adesuyi, D. (2020). A critical analysis of the legal framework relating to cybercrime in Uganda (Doctoral dissertation).

Ahmed, M. F., Molla, A. H., Uddin, M. R., & Chowdhury, T. R. (2023). Advancing cyber resilience: Bridging the divide between cyber security and cyber defense. International Journal for Multidisciplinary Research (IJFMR), 5(6).

Alabdan, R. (2020). Phishing attacks survey: Types, vectors, and technical approaches. Future internet, 12(10), 168.

Alhayani, B., Abbas, S. T., Khutar, D. Z., & Mohammed, H. J. (2021). Best ways computation intelligent of face cyber attacks. Materials Today: Proceedings, 26-31.

Alzoubi, H. M., Ghazal, T. M., Hasan, M. K., Alketbi, A., Kamran, R., Al-Dmour, N. A., & Islam, S. (2022, May). Cyber security threats on digital banking. In 2022 1st International Conference on AI in Cybersecurity (ICAIC) (pp. 1-4). IEEE.

Ambe, K. N. (2024). [enter Paper Title] Analysis of the risk associated with bank crimes in Africa. Analysis of the risk associated with bank crimes in Africa (January 27, 2024).

Berdyugin, A. A., & Revenkov, P. V. (2019). Approaches to measuring the risk of cyberattacks in remote banking services of Russia. Безопасность информационных технологий, 26(4), 83-92.

Dziwisz, D. (2023). Stuxnet. In The Handbook of Homeland Security (pp. 289-293). CRC Press.

Egerson, J. I., Williams, M., Aribigbola, A., Okafor, M., & Olaleye, A. (2024). Cybersecurity strategies for protecting big data in business intelligence systems: Implication for operational efficiency and profitability. World J. Adv. Res. Rev, 23, 916-924.

Force, U.P (2022). Annual Crime Report. Kampala: Uganda Police Force

Ghelani, D., Hua, T. K., & Koduru, S. K. R. (2022). Cyber security threats, vulnerabilities, and security solutions models in banking. Authorea Preprints.

Gulyas, O., & Kiss, G. (2023). Impact of cyber-attacks on the financial institutions. Procedia Computer Science, 219, 84-90.

Hasan, M. F., & Al-Ramadan, N. S. (2021). Cyber-attacks and cyber security readiness: Iraqi private banks case. Social Science and Humanities Journal (SSHJ), 2312-2323.

Hassan, S. W. U., Kiran, S., Gul, S., Khatatbeh, I. N., & Zainab, B. (2025). The perception of accountants/auditors on the role of corporate governance and information technology in fraud detection and prevention. Journal of Financial Reporting and Accounting, 23(1), 5-29.

Ibrahimnur, A. A. (2023). Impact of Cybercrime on the Finance Sector: a Case of Banks in Nairobi County, Kenya (2008-2022) (Doctoral dissertation, University of Nairobi).

Judijanto, L., Hindarto, D., & Wahjono, S. I. (2023). Edge of enterprise architecture in addressing cyber security threats and business risks. International Journal Software Engineering and Computer Science (IJSECS), 3(3), 386-396.

kraken, j. (2019). analysis of malware-the morris worm.

Kraken, J. (2019). Analysis of malware-the Morris Worm.

Morrison, B. A., Coventry, L., & Briggs, P. (2020). Technological change in the retirement transition and the implications for cybersecurity vulnerability in older adults. Frontiers in psychology, 11, 623.

Natalucci, F., Qureshi, M. S., & Suntheim, F. (2024). Rising cyber threats pose serious concerns for financial stability. International Monetary Fund.

Oloko, E. (2024). Auditors’ Perceptions and Experiences Regarding Internal Controls Mitigating Employee Fraud in Businesses (Doctoral dissertation, Capella University).

Omotosho, O., Aroyehun, A., Ogunwale, Y., Lala, O., & Onamade, O. (2023). Design And Implementation Of Multifactor Authentication In Curbing Automated Teller Machine Cybercrime. Information Technology, 2(2).

Onyshchenko, S., Yanko, A., Hlushko, A., Maslii, O., & Cherviak, A. (2023). CYBERSECURITY AND IMPROVEMENT OF THE INFORMATION SECURITY SYSTEM. Journal of the Balkan Tribological Association, 29(5).

Putrevu, J., & Mertzanis, C. (2024). The adoption of digital payments in emerging economies: challenges and policy responses. Digital Policy, Regulation and Governance, 26(5), 476-500.

Sipayung, E. S. N., Yanti, H. B., & Setya, A. B. (2022, December). Impact of Anti-Fraud Awareness, Fraud Detection Procedures, and Technology to Fraud Detection Skill. In 3rd Borobudur International Symposium on Humanities and Social Science 2021 (BIS-HSS 2021) (pp. 783-787). Atlantis Press.

Staff, H. R. S. (2011). Sample sizes and response rates.

Table of contents

CHAPTER ONE

INTRODUCTION

1.0 Introduction