Volume 18, Number 3
Evaluating the Effectiveness of Cybersecurity Frameworks in Mitigating Phishing Threats in Digital Microfinance Institutions
Authors
Richard Mathenge, Catherine Mukunga and Ephantus Mwangi, Kirinyaga University, Kenya
Abstract
Phishing remains a dominant cybersecurity threat worldwide, particularly affecting Digital Microfinance Institutions (MFIs) in resource-limited settings. Although the most popular frameworks, including ISO/IEC 27001, NIST CSF, COBIT, and CIS Controls, are widely recognized, their effectiveness in preventing phishing attacks in MFIs remains unexplored. This research follows a qualitative-dominant mixed-methods design, with a primary focus on semi-structured interviews with cybersecurity managers (n=24), a staff survey (n=150), and analysis of phishing incident reports from six MFIs in Nairobi, Kenya. Institutions that implemented cybersecurity systems holistically reported reductions in phishing incidents ranging from 22–35% within the sampled institutions, especially when detection and response systems were actively maintained. In contrast, 83% of MFIs used the frameworks as compliance checklists, with limited training and no real-time monitoring. The semi-structured interviews also indicated that infrastructural limitations, poor governance, and the lack of behavioral awareness further limited the framework's effectiveness. To tackle these challenges, the study presents an Adaptive Cybersecurity Framework combining a modular governance system with a lightweight GRU-based phishing mitigation method, tailored for low-resource environments. The study advances understanding of framework adaptation in developing economies and provides actionable insights for developing robust, human-centered cybersecurity frameworks within digital financial inclusion ecosystems.
Keywords
Phishing attacks, Cybersecurity Frameworks, Digital Microfinance Institutions, Adaptive Cybersecurity, GRU Neural Networks