Abstract
With the recent technological advancements, there is the need for a business organisation to employ risk management strategies that are aimed at combatting the incessant data breaches, whose negative implications are many. The main aim of the study is to investigate the current information security risk management strategies employed by the Kenyan Banks and suggest measures that the banks can adopt to bolster them and ameliorate adverse effects on their financial performance that is associated with a data breach. The research was carried out using quantitative descriptive design. Data was collected from 20 Kenyan banks, which were selected randomly from the 44 banks operating in the Kenyan financial sector. The design of the questionnaire was informed by the general deterrence theory as well as the information systems security theory. The results of the study were then analysed using Microsoft Excel and Statistical Package for Social Sciences (SPSS). The results of the study indicated that the Kenyan Commercial banks have average risk avoidance measures, are reluctant to transfer their risks to third parties through outsourcing, and lack robust risk mitigation measures, specifically business continuity plan and disaster recovery plans.
