Mauritius-based FMB Capital Group operates across Botswana, Malawi, Mozambique, Zambia, and Zimbabwe, offering a wide range of financial solutions to corporates, government entities, institutions, businesses, and retail clients. The Group has established itself as a leading corporate and transactional bank in the region.
The Group’s cybersecurity journey began six years ago with the creation of a dedicated function based in Mauritius. At the time, each country operated in isolation, with cybersecurity and information security handled inconsistently and without coordination. There was little focus, no standardization, and a lack of alignment in cybersecurity and GRC processes.
“With the establishment of the group function in Mauritius six years ago, we were able to roll out a centralized strategy across all countries. This has delivered significant value—especially in strengthening our cybersecurity and technology risk posture,” says Gawtam Raiy Kallychurn, CISO of the Group.
However, implementing a unified approach has not been without challenges. Cultural differences and varying regulatory frameworks posed significant hurdles.
“We operate in five different countries, each with its own cybersecurity guidelines. Ensuring compliance across the board has been demanding. One of the biggest challenges was onboarding new projects in each country while ensuring that all cybersecurity and technology risk requirements were met,” says Gawtam.
Previously, policies and procedures were developed on an ad hoc basis. Today, the Group follows a centralized framework that all its banks must comply with. Oversight is managed from Mauritius.
One major milestone in this transformation was the establishment of a Security Operations Center (SOC) and the implementation of a Managed Detection and Response (MDR) service.
“Given the challenges of building these capabilities internally, we turned to external support and partnered with Secureworks | Sophos and its partner AuraData Technologies,” says Gawtam.
Now in its fifth year, the partnership continues to grow.
“They’ve supported us in deploying essential solutions and consistently deliver high-quality services to ensure a strong cybersecurity posture. Regular meetings and review sessions help us stay aligned on MDR and SOC operations,” says Gawtam.
He adds that the Group chose Secureworks | Sophos because the vendor has kept pace with evolving cybersecurity trends—from detection and protection to response capabilities.
“I also see a strong commitment from their leadership; they listen to clients’ needs and continuously work to align their offerings with what CISOs are truly looking for—more focus, more actionable insights, and tools that help direct our time, energy, and effort toward protecting the business from risk. Secureworks | Sophos is clearly staying ahead by adapting to market demands, which is why we continue to value and maintain our association with them.”
Looking ahead, Gawtam says AI will play a critical role in the Group’s cybersecurity strategy.
“I would say that currently, we have all the technologies needed to build a strong cybersecurity and technology posture. However, these tools are disparate, and without consolidating the data, it’s difficult to get a comprehensive view of our security landscape.
By leveraging AI and machine learning, we can unify and analyze this data to develop customized cybersecurity models that deliver actionable insights and greater visibility for different stakeholders.”
He explains that certain information will be relevant to board directors and executives, while other details will be more meaningful to operational-level teams.
“What I’m really aiming for next is to use AI and ML to build intelligent dashboards that accurately reflect our cybersecurity and technology risk posture. This is something I’m excited to work on—with both my internal team and our external partners.”
He also shares a piece of advice for his peers in the cybersecurity space:
“While leveraging AI and machine learning, use the data generated within your own environment. External threat intelligence can help to an extent, but it’s crucial to build models that are tailored to your organization—models that add tangible value.
These models should enhance risk visibility and demonstrate how your technologies and initiatives contribute to business outcomes.
Just as importantly, ensure you have the right people with the right skills—and the right partners—to support you. The concept of ‘people, process, and technology’ has never been more relevant. When all three are aligned, you can unlock the full potential of your cybersecurity strategy.”
