[ad_1]
Cybercrime has become a constant source of alarming headlines
worldwide, dominating news cycles across tabloids and electronic
media. A significant number of individuals globally have fallen
victim to phishing schemes, fake internet accounts used to
impersonate others, cruel cyberbullying, intrusive stalking,
hacking, blackmail threats, and a steady stream of fake news,
primarily disseminated through the internet. Unfortunately, the
majority of victims choose to remain silent, often due to fear of
the unknown, ignorance of relevant laws, or a lack of resources to
file complaints with the appropriate agencies.
At the forefront of the silence and inactivity, especially after
suffering from internet related menace, is ignorance. A good number
of Nigerians assume that cybersecurity laws only apply to persons
within the tech ecosystem. Most people are unaware of the legal
framework that ensures online safety and combats internet
crimes.
Nigeria, through the instrumentality of the constitution and
other cybercrime laws and data privacy regulations, whether
applying to the general public or within specified industries, has
established a series of legal protections which serve to combat
cybercrime.
The major problem, leading to the current state of lawlessness
and inactivity, is that people remain unaware of these laws and how
to employ them to protect themselves, as well as which institutions
to contact in cases that demand the intervention of the relevant
regulatory institutions.
According to a recent survey, 35% of all global cyberattacks
were ransomware (a type of cyber-attack that encrypts the
victim’s personal data until a ransom is paid). There was an
increase of 84% in ransomware over the previous year. It also
revealed that 70% of the ransomware targeted small and medium scale
Businesses. Additionally, Phishing attacks (a type of cybercrime
where malicious actors attempt to trick individuals into revealing
sensitive information, such as usernames, passwords, credit card
details, and other personal information) increased by 1,265%. These
attacks are mainly driven by the massive developments in Gen
AI.1
The Court of Appeal in Daily Times Nig. Plc v. Arum
(2023) 17 NWLR (Pt. 1914) 559 on the implication of
publishing defamatory matter online, stated as follows;
‘A publication made online carries far-reaching
implications. A major feature of texts, pictures and every material
placed on the Internet is universal accessibility with minimal
protocols, anywhere and everywhere there is access to the Internet.
Publishing through the Internet or making a publication online
implies a desire to make the materials so published available
globally.’ (P. 575, paras. C-E)
The Hon.Justice Hannatu Jummai Sankey, JCA made a striking
comment in the case of Jubril v. FRN (2018) LPELR43993
(CA);
“It must be disheartening to all right-thinking
Nigerians that the rampant, atrocious and egocentric crime has
unleashed dire consequences on the integrity and image of the
country. This has both short-term and long-term effects on society
and the nation as a whole. Therefore, although the punishment
prescribed by law, may appear harsh and draconian, it is hoped that
it will deter like-minded persons from embarking on such criminal
ventures.”
This article aims to break down Nigeria’s cybersecurity
compliance framework and online safety laws for every Nigerian.
THE FOUNDATION OF CYBERSECURITY LAW IN NIGERIA.
The special relationship between the law and social phenomena,
where the law either preempts criminal or civil wrongs or it reacts
to criminalise action, has played its role in the cybersecurity
issue in Nigeria. From the rise of digital fraud to data breaches,
cyberbullying, cyberstalking and other digital malfeasance, the
cybersecurity legal frameworks in Nigeria were birthed. The
framework evolved through the lenses of constitutional protections,
statutory intervention, and sector-specific regulations. Today, the
cybersecurity legal framework of the country is a multi-layer
system.
Let us consider, presently, the relevant layers of the Nigerian
Cybersecurity legal framework:
1. THE 1999 CONSTITUTION (AS ALTERED)
The 1999 constitution, being the groundnum of the Nigerian legal
system itself, is the bedrock of Nigeria’s cyber laws. The idea
that every Nigerian has a constitutional right to their own
privacy, which includes privacy in the digital space, is provided
for by Section 37 of the constitution. It is on this constitutional
foundation that the entire individual protection in cybersecurity
is built.
2. CYBERCRIMES (PROHIBITION AND PREVENTION, ETC.)
AMENDMENT ACT, 2024
The Cybersecurity (Prohibition and Prevention, etc) Amendment
Act was first promulgated in 2015 and was further amended in 2024.
It is Nigeria’s primary cyber law. The Act is significant
because of two important provisions:
- It criminalises a broad range of cybercrimes (Sections 6, 8,
9,10, 11, 12 of the Act) - It imposes a responsibility on service providers, banks, and
telecoms to help detect and report digital crimes (Section 7 of the
Act).
The Act also offers a thorough framework for fighting violations
such as the following:
- Hacking and Unauthorised Access
- Cyberstalking and Online Bullying
- Phishing, Identity Theft, and Financial Fraud
- Pornography and Online Child Exploitation
- Cyberterrorism and strikes on key infrastructure, etc.
THE NIGERIAN DATA PROTECTION ACT 2023.
Prior to 2023, the framework of Data protection in Nigeria was
essentially regulated by the Nigeria Data Protection Regulation
(NDPR) 2019, which introduced baseline rules for handling personal
data. However, with the passage of the Nigeria Data Protection Act
(NDPA), 2023, the country took a major leap forward with regards to
Data Protection, bringing the regulation of data in Nigeria in line
with global best practices. This marked a significant advancement
for the country in the area of data protection.
THE ADVANCE FEE FRAUD AND OTHER RELATED OFFENCES ACT, 2006
The Advance Fee Fraud and other Related Offences Act, 2006is a
legislation which aims to criminalise and prescribe punishment for
different forms of fraudulent activities, including, but not
limited to advance fee fraud commonly known as “419” and
related offences. It criminalises specific acts, provides for
consequent penalties, and procedures for prosecuting such crimes.
The primary focus of the law is on protecting individuals as well
as financial institutions from criminal fraudulent activities.
Key provisions of the Act include:
- Prohibition of Advance Fee Fraud:
Section 1 of the Act explicitly prohibits obtaining
property or inducing the delivery of property, whether in Nigeria
or elsewhere, through impersonation or false pretences with the
intention to commit fraud. This provision covers circumstances
where money or other digital or physical assets are obtained under
false pretences or in exchange for promises of delivery of goods or
services that were never delivered. - Other Fraudulent Offences:
Beyond proscription of ‘419’ activities, the Act
also proscribes other associated offences, such as using premises
for fraudulent activities and inducing people to travel to Nigeria
for fraudulent purposes.
THE ECONOMIC AND FINANCIAL CRIMES COMMISSION (ESTABLISHMENT,
ETC.) ACT, 2004 AND THE MONEY LAUNDERING (PREVENTION AND
PROHIBITION) ACT, 2022.
The EFCC Act, together with the Money Laundering Act, directs
the attention of the anti-money laundering and financial crimes
agency’s incessant attention to cyber-based financial offences
while, at the same time, paying special attention to digital asset
scams and illegal online financial transactions. For instance, the
recent case of Crypto Bridge Exchange ‘CIBEX’ and its
alleged fraudulent activities is still under investigation by the
agency.
TERRORISM (PREVENTION AND PROHIBITION) ACT, 2022
The Terrorism (Prevention) Act, 2011, was the first statutory
intervention directed towards the prevention of terrorism in
Nigeria. However, in 2022, the Act was further amended to the
present Terrorism (Prevention and Prohibition) Act, 2022. The law
establishes a comprehensive legal framework for detecting,
preventing, and prosecuting acts of terrorism and related
activities. The Act also addresses terrorism financing,
proliferation of weapons of mass destruction, and related
matters.
A very important provision of the Act, for the purpose, is the
provision on terrorism Financing. Section 13 (2) (e) and 21 (1) of
the Act criminalise financing terrorism and solicitation of funds
through any means, including digital platforms for the propagation
of any acts of terrorism.
SECTOR-SPECIFIC LAWS THAT PROMOTE CYBERSECURITY.
NIGERIAN COMMUNICATIONS ACT, 2003
The Nigerian Communications Act of 2003 (NCA) primarily focuses
on liberalising the telecommunications sector and establishing the
Nigerian Communications Commission (NCC) as the regulatory body.
While the Act lays the foundation for telecommunications
regulation, it contains limited provisions specifically addressing
cybersecurity and data protection. However, the Nigerian
Communications Commission, empowered by the Act, plays a role in
ensuring cybersecurity through its licensing and regulatory
functions. Other related legislation, like the Cybercrime Act,
complements the NCA in addressing cybersecurity threats.
Additionally, the Nigerian Communications Act of 2003, together
with NCC Guidelines, establishes rules for telecom providers to
require SIM registration while protecting ISP customer data.
NIGERIAN BAR ASSOCIATION CYBERSECURITY GUIDELINE, 2024
The Guidelines is a product of the Nigeria Bar
Association aimed at imposing the responsibility to protect client
data and digital ethics on lawyers in Nigeria.
Article 2 (a) of the Guideline requires Nigerian lawyers to
implement and maintain appropriate cybersecurity measures to
protect client information against unauthorised access, disclosure,
alteration, or destruction.
Under Article 5 of the Guidelines, Nigerian lawyers and legal
organisations must implement robust and secure network
configurations to safeguard against unauthorised access and cyber
threats. This includes, but not limited to:
- Firewalls and Intrusion Detection Systems:
Deploying and maintaining firewalls and intrusion detection systems
to monitor and control incoming and outgoing network traffic,
preventing malicious activities. - Secure Network Protocols: Utilising secure
network protocols, such as Virtual Private Networks (VPNs), for all
remote access to ensure data confidentiality and integrity. - Regular Assessments and Audits: Conducting
periodic assessments and audits of network configurations to
proactively identify and remediate vulnerabilities. This includes
regularly checking for unauthorised devices or access points
connected to the network. - Network Segmentation: Where appropriate,
segmenting the network to isolate sensitive data from general
office networks. This measure limits potential exposure and
contains the impact in the event of a network breach.
CBN CYBERSECURITY FRAMEWORK AND GUIDELINES FOR DEPOSIT MONEY
BANKS AND PAYMENT SERVICE BANKS, 2024.
The Central Bank of Nigeria (CBN) recently issued a Risk-Based
Cybersecurity Framework and Guidelines for Deposit Money Banks
(DMBs) and Payment Service Banks (PSBs). The framework came into
effect on July 1, 2024, outlining the irreducible cybersecurity
requirements for these Deposit Money Banks and Payment Service
Banks to improve their capability to counter cyber threats. The
framework places importance on governance structure, risk
management, resilience, and quick response cyberattacks.
The purpose of the framework is to serve as guidance to DMBs and
PSBs in developing and administering vigorous cybersecurity
programs to safeguard their systems, data, and customers from
cyberattacks.
Why Cyber Crimes Still Persist in Nigeria
The Nigerian legal system possesses strength, but its
implementation suffers because of insufficient funding, along with
fragmented enforcement procedures. The majority of police personnel
lack proper training to handle digital crime investigations. Some
lack the technical tools. The lack of seriousness from some law
enforcement personnel towards online threats is also a major
problem.
Similarly, the majority of Nigerians avoid reporting cybercrimes
because they doubt authorities will handle their cases seriously,
or they lack information about proper reporting procedures.
RECENT CASES OF CYBERSECURITY HACKS IN NIGERIA.
- In 2021, suspected hackers infiltrated the website of the Delta
state government, placing job advertisements on the portal with a
recruitment fee of ₦8,500. The Delta state government
promptly released a statement informing the public that its website
had been hacked and disowning the said job
advertisement.2 - In 2013, a medical student of the Delta State University hacked
the phone of the then Delta State Governor, Emmanuel Uduaghan,
sending a text message to the institution’s vice chancellor,
Prof Eric Arubayi, instructing him to make sure that the hacker
obtains credits in specific courses, which he
failed.3 - In July 2025, hackers infiltrated the phone of the Osun State
Governor. Spokesperson of the governor, Mr Olawale Rasheed,
disclosed that one of the phone numbers of his principal has been
hacked.4 - In July 2025, a hacker in Imo state entered the roof of a
commercial bank and waited until close of business before hacking
the computers of the bank. The bank resumed the next day, only to
start their computers but with the response “Restarting. Click
OK to accept.” he was subsequently discovered and
arrested.5 - In April 2025, suspected hackers hacked the systems of an
unnamed bank, and moved a reported 10 billion into other
undisclosed accounts. The Police authorities subsequently brought
an application before the Federal High Court in Abuja to place a
Post No Deposit (PND) on all the accounts the monies were moved to,
so as to track and prevent the dissipation of the
fund.6
THE CONNECTION BETWEEN CYBERSECURITY AND LABOUR RELATIONS IN
NIGERIA.
The connection between cybercrime and unemployment in Nigeria is
a significant issue for experts and policymakers alike. As the
digital economy grows, so does the complexity of cybercriminal
activities. Nigeria, undergoing rapid digital transformation, is
becoming a focal point for cybercriminals due to widespread
internet access, weak cybersecurity, and societal
vulnerabilities.
Unemployment, especially among youth, is a major problem in
Nigeria. The effect of cybercrime on job markets, including its
potential to eliminate legal jobs, hinder economic growth, and
raise unemployment, has not been adequately explored in Nigerian
economic discussions. Cybercrimes in Nigeria include financial
fraud, identity theft, internet fraud, hacking, and online
extortion. These crimes disrupt the digital economy, causing
substantial financial losses to businesses, government, and
individuals. Consequently, funds that could be used for job
creation and economic development are instead spent fighting
cybercrime, thus limiting job growth. Furthermore, the rise of
cybercrime often creates job insecurity and an unfavourable
economic climate that discourages investment in legitimate
industries, worsening unemployment.7
WHAT EVERY NIGERIAN NEEDS TO KNOW ABOUT CYBERSECURITY.
- Need to protect Your Data: Your data requires
protection; you should avoid sharing passwords and bank details,
and national ID numbers without proper caution. In addition, you
need to be wary of accepting terms and conditions on websites
without thoroughly reading and understanding those terms. These are
means to trade off your personal details without active
participation. - Know your rights: the first step to protecting
your rights is knowing that such rights in fact exist. The next
step is to take decisive steps by reporting any form of
cybersecurity breaches, such as cyberbullying, cyberstalking as
well as blackmail, fraud, and data breaches to the appropriate
agencies, including but not limited to; Nigeria Police Cybercrime
Unit or the Economic and Financial Crimes Commission, or the
Nigeria Data Protection Commission. - Update your internet security: Make your
security a priority by implementing strong passwords, together with
two-factor authentication and antivirus software. - Speak out: Online harassment and scams require
victims to voice their situations. The law provides solutions for
these cases. - Always obtain permission before posting
content: The distribution of private photos or chats
without approval or consent from the owner can result in criminal
prosecution.
CONCLUSION.
Online safety is non-negotiable. This starts with an
individual’s duty to protect personal information while
understanding digital rights and alerting the relevant authorities
about suspicious activities. It does not end there.
Also, Nigeria really needs to advance cybersecurity from its
current policy status to a national priority so it can compete
effectively in the global digital economy. The achievement of
cybersecurity requires equal measures of state responsibility and
institutional unity, together with continuous funding for digital
infrastructure development and enhanced law enforcement
capabilities.
The law must not only exist on paper, but it must be enforced in
practice. The same level of attention that goes into creating these
laws for both punishing cybercriminals and safeguarding digital
rights of citizens and businesses, and institutions must be
dedicated by policymakers to develop public education programmes
and provide enforcement training for investigative agency
resources. With these in place, the internet can become a safer
platform for expression, information, and innovation.
Footnotes
1 SentinelOne, ‘Key Cybersecurity Statistics for
2025’ < https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-statistics/
> accessed 11 July 2025.
2 The Punch, ‘Fraudsters hack into Delta website, fix
job application fee at N8,500’ < https://punchng.com/fraudsters-hack-into-delta-website-fix-job-application-fee-at-n8500/
> accessed 11 July 2025.
3 The Vanguard, ‘How hacker stunned Gov Uduaghan,
cloned his phone to solicit favours’ < https://www.vanguardngr.com/2013/05/how-hacker-stunned-gov-uduaghan-cloned-his-phone-to-solicit-favours/
> accessed 11 July 2025.
4 The Vanguard, ‘Scammers hack Osun gov’s phone
number —Aide’ < https://www.vanguardngr.com/2024/07/scammers-hack-osun-govs-phone-number-aide/
> accessed 11 July 2025.
5 Daily Trust, ‘How man who sneaked into bank through
toilet was caught hacking systems’ < https://dailytrust.com/how-man-who-sneaked-into-bank-through-toilet-was-caught-hacking-systems/
> accessed 11 July 2025.
6 Legit ‘Scammers Hack Nigerian Bank, Steal N10
Billion, 818 Accounts Identified as Other Banks Upgrade’ <
https://www.legit.ng/business-economy/money/1619636-scammers-hacks-nigerian-bank-steal-n10-billion-818-accounts-frozen-zenith-upgrade/
> accessed 11 July 2025.
7 Joonas Jouko, ‘The Relationship Between Cybercrime
and Unemployment in Nigeria’ < https://www.researchgate.net/publication/388659828_The_Relationship_Between_Cybercrime_and_Unemployment_in_Nigeria
> accessed 11 July 2025.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
[ad_2]
Source link
Click Here For The Original Source.
