By Ifeoma Ben, LLM, MBA
Nigeria’s digital transformation, energized by increased internet access, mobile banking growth, and economic digitization, has brought new opportunities and threats. Cybercriminals have exploited vulnerabilities in both private and public sectors, with devastating consequences. In 2024 alone, financial fraud surged by 45%, costing over ₦150 billion, while major platforms and institutions like Flutterwave, Sterling Bank, and the National Bureau of Statistics fell victim to breaches.
Emerging Cyber Threat Landscape
The threats facing Nigeria are diverse and rapidly evolving. Financial systems have been targeted by fraud and data theft, highlighted by the ₦11 billion breach at Flutterwave and ₦1.2 billion stolen from Sterling Bank. More recently, social manipulation campaigns, including sextortion schemes, saw 63,000 Instagram accounts removed. Ransomware, supply chain attacks, phishing, and cyber‑physical risks continue to escalate globally and domestically.
Strengthened Legal Defenses
In response, Nigeria updated its Cybercrimes Act in 2024 to enhance preparedness and oversight. Key reforms include establishing sectoral Computer Emergency Response Teams (CERTs) with mandatory 72-hour incident reporting to mitigate threats; non-compliance carries fines of ₦2 million. The law also broadened liability for identity theft and cyber-stalking, imposed stricter KYC/NIN rules, and introduced a 0.5% cybersecurity levy on digital transactions to fund national cybersecurity efforts.
The Nigeria Data Protection Act (NDPA) 2023 further complements this framework, requiring all businesses to implement appropriate data security and privacy measures, with penalties of up to 2% of annual turnover.
Sector-Specific Risks
Each sector faces unique threats:
• Financial services are under constant siege from fraud and mobile-banking scams.
• SMEs often sidestep cybersecurity investments, despite growing incident reporting obligations.
• Universities and health systems require structured risk frameworks to protect sensitive and operational data.
• Infrastructure providers, including telcos, must defend against DDoS and hardware-based disruptions.
Human and Technical Resilience
Technical defenses are inadequate without robust user education. A Reddit thread emphasizes that most breaches are due to human error: phishing, weak passwords, insider threats. Deloitte notes that AI-driven cyber-attacks are on the rise, necessitating equally advanced defense systems, especially for SMEs facing cost constraints.
Legal Industry’s Expanding Role
The legal profession is central to fortifying Nigeria’s cybersecurity posture:
1. Regulatory compliance: Lawyers guide organizations through new 72-hour incident reporting, cybersecurity levies, and sectoral CERT engagements.
2. Policy advisory: Legal experts aid regulators in refining legislation to match evolving threats and streamline enforcement.
3. Corporate governance: Drafting internal cyber policies, data processing agreements, incident response plans, and SLAs is increasingly in demand.
4. Incident and breach support: Providing counsel during reporting, containment, and regulatory response phases.
5. Dispute resolution: Representing clients in cases of cyber fraud, ransom negotiations, cross-border data exposure, and liability claims.
6. Training and risk management: Advising on staff education, vendor contracts, supply chain resilience, cybersecurity insurance, and best practices.
Conclusion
Nigeria’s cybersecurity landscape is rapidly maturing with updated legal frameworks and greater institutional capacity. Despite progress, success hinges on proactive engagement: investing in technology, building awareness, and reinforcing regulatory frameworks. For legal professionals, this represents an opportunity to lead: from advising on compliance strategies and policy development to managing cyber incidents and shaping corporate governance. In a digital-first Nigeria, cybersecurity will be not just an IT concern, but a central pillar of legal practice.