A CONTEXT-AWARE DECISION SUPPORT SYSTEM FOR CYBERSECURITY INVESTMENT AND RISK GOVERNANCE IN THE NIGERIAN FINANCIAL SECTOR
Abstract
Nigerian financial institutions face escalating cyber threats while operating under the Central Bank of Nigeria’s (CBN) 2024 Risk-Based Cybersecurity Framework, which mandates specific governance, investment, and reporting obligations. However, no structured, context-aware decision support system (DSS) exists to help these institutions allocate limited cybersecurity budgets across competing controls, regulatory mandates, and evolving threat vectors. This study addresses that gap using the Design Science Research (DSR) methodology (Peffers et al., 2007). We design, demonstrate, and evaluate a DSS artifact that integrates multi-criteria decision analysis (MCDA) with an adapted Gordon-Loeb optimization model, incorporating Nigerian-specific inputs: CBN regulatory weights, local threat intelligence, and institutional budget constraints. The DSS produces prioritized investment recommendations and governance dashboard outputs aligned with CBN 2024 Framework requirements. An illustrative demonstration using realistic Tier-1 Nigerian bank data shows that, compared to typical industry practices, DSS-guided allocation improves risk reduction per currency unit by 9 percentage points and achieves full regulatory compliance coverage. The artifact contributes prescriptive knowledge to the cybersecurity investment literature and provides Nigerian financial institutions with a practical tool for evidence-based risk governance. Empirical validation in live banking environments remains necessary before full deployment.