Assessing the Risks of Cyberattacks on Libyan Banks and Ways to Mitigate Them
DOI: https://doi.org/10.65421/jibas.v2i2.92

Keywords: Libya, Banking Cybersecurity, DDoS, Ransomware, NIST CSF 2.0, SWIFT CSCF, Operational Resilience, Risk Assessment

Abstract
Libyan banks are digitizing quickly (e-banking web sites, mobile applications, an online foreign-currency reservation platform, etc.) in a threat environment shaped by global cyber crime, a regional state of war and asymmetric cyber maturity. This paper assesses the risks of cyberattacks on Libyan banks by synthesizing (i) Libya-specific evidence from reported incidents (e.g., DDoS disruption affecting the Central Bank of Libya’s online foreign-currency reservation platform; bank web/mobile compromise reports; technical evidence of a vulnerability from a ‘2025 Nessus-based assessment’ of Libyan bank websites) and (ii) global financial-sector threat baselines from recent large-scale datasets (Verizon DBIR 2025; ENISA Threat Landscape 2025; and the ENISA Finance Sector Threat Landscape covering 2023–H1 2024). We use a structured qualitative risk approach that maps threats, attack surfaces and likely impacts to control objectives from the NIST Cybersecurity Framework (CSF) 2.0 and SWIFT’s Customer Security Controls Framework (CSCF), and to the resilience expectations in the Basel Committee’s principles for operational resilience. Findings suggest that three risk clusters dominate for Libyan banks: availability disruption (especially DDoS) threatening public-facing banking and central-bank platforms; credential-led intrusions that enable ransomware and account takeover; and exploitable web-application and configuration weaknesses affecting banking web assets. We present a prioritised mitigation roadmap guided by reduction of risk per unit of effort. Governance (CSF “GOVERN”) should be the first priority, followed by identity hardening and phishing resistance, segmentation with secure remote access, continuous monitoring, tested incident response, and sector-wide resilience exercises, taking into account Libyan legislation on electronic transactions and cybercrime deterrence.
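As an added illustration, not the paper's own model, data or scores, the Python sketch below shows one way to operationalise the structured qualitative risk approach and the "reduction of risk per unit of effort" ordering the abstract describes. The three threat clusters, the NIST CSF 2.0 function labels and the six roadmap items are taken from the abstract; every likelihood, impact, effort and reduction figure is a constructed placeholder on an ordinal scale, and the resulting order depends entirely on those placeholders. The `Threat`, `Mitigation`, `residual_risk` and `build_roadmap` names are assumptions introduced here.

```python
"""Qualitative risk register with a 'risk reduction per unit of effort' roadmap.

Added example, not the paper's method or numbers. Threat clusters, CSF 2.0
functions and roadmap items follow the abstract; all scores are constructed
placeholders (likelihood/impact/effort on 1..5, reductions as fractions).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int   # 1 (rare) .. 5 (almost certain); constructed value
    impact: int       # 1 (negligible) .. 5 (severe); constructed value

    @property
    def inherent_score(self) -> int:
        return self.likelihood * self.impact


@dataclass(frozen=True)
class Mitigation:
    name: str
    csf_function: str             # NIST CSF 2.0 function it mainly serves
    effort: int                   # 1 (low) .. 5 (high); constructed value
    reduction: Dict[str, float]   # threat name -> fraction of remaining risk removed


def risk_band(score: int) -> str:
    """Map a likelihood x impact score onto a coarse qualitative band."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


# The three dominant clusters from the abstract; scores are constructed.
THREATS: List[Threat] = [
    Threat("Availability disruption (DDoS)", likelihood=5, impact=4),
    Threat("Credential-led intrusion", likelihood=4, impact=5),
    Threat("Web-application and configuration weaknesses", likelihood=4, impact=3),
]

# The roadmap items from the abstract; effort and reductions are constructed.
MITIGATIONS: List[Mitigation] = [
    Mitigation("Governance", "GOVERN", 2,
               {"Availability disruption (DDoS)": 0.3,
                "Credential-led intrusion": 0.3,
                "Web-application and configuration weaknesses": 0.3}),
    Mitigation("Identity hardening and phishing resistance", "PROTECT", 2,
               {"Credential-led intrusion": 0.7}),
    Mitigation("Segmentation with secure remote access", "PROTECT", 3,
               {"Credential-led intrusion": 0.5,
                "Web-application and configuration weaknesses": 0.5}),
    Mitigation("Continuous monitoring", "DETECT", 3,
               {"Availability disruption (DDoS)": 0.2,
                "Credential-led intrusion": 0.3,
                "Web-application and configuration weaknesses": 0.2}),
    Mitigation("Tested incident response", "RESPOND", 3,
               {"Availability disruption (DDoS)": 0.2,
                "Credential-led intrusion": 0.3,
                "Web-application and configuration weaknesses": 0.1}),
    Mitigation("Sector-wide resilience exercises", "RECOVER", 4,
               {"Availability disruption (DDoS)": 0.3,
                "Credential-led intrusion": 0.1,
                "Web-application and configuration weaknesses": 0.1}),
]


def residual_risk(threats: List[Threat], applied: List[Mitigation]) -> Dict[str, float]:
    """Residual score per threat after the given controls are in place.

    Reductions stack multiplicatively, so two controls that address the same
    threat never remove more than the whole of it.
    """
    residual = {t.name: float(t.inherent_score) for t in threats}
    for m in applied:
        for tname, frac in m.reduction.items():
            if tname in residual:
                residual[tname] *= (1.0 - frac)
    return residual


def marginal_benefit(residual: Dict[str, float], m: Mitigation) -> float:
    """Risk score removed by adding m on top of what is already applied."""
    return sum(residual[t] * frac for t, frac in m.reduction.items() if t in residual)


def build_roadmap(threats: List[Threat], mitigations: List[Mitigation]) -> List[Tuple[str, float]]:
    """Greedy ordering: at each step take the control with the best marginal
    risk reduction per unit of effort, given the controls already chosen."""
    applied: List[Mitigation] = []
    remaining = list(mitigations)
    roadmap: List[Tuple[str, float]] = []
    while remaining:
        residual = residual_risk(threats, applied)
        best = max(remaining, key=lambda m: marginal_benefit(residual, m) / m.effort)
        roadmap.append((best.name, round(marginal_benefit(residual, best) / best.effort, 3)))
        applied.append(best)
        remaining.remove(best)
    return roadmap


if __name__ == "__main__":
    for t in THREATS:
        print(f"{t.name}: {t.inherent_score} ({risk_band(t.inherent_score)})")
    for step, (name, ratio) in enumerate(build_roadmap(THREATS, MITIGATIONS), 1):
        print(f"{step}. {name}  (marginal reduction per effort unit: {ratio})")
```

With the placeholder scores above, the greedy pass lands on the same order as the abstract's roadmap (governance, identity, segmentation, monitoring, incident response, exercises), but the point of the exercise is the mechanics: the multiplicative residual model keeps overlapping controls from double-counting, and re-evaluating the marginal benefit after each pick is what turns a flat score list into a sequenced roadmap.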

