On May 6, 2024, the Central Bank of Nigeria issued a circular (PSM/DIR/PUB/LAB/017/004) addressed to ‘all commercial, merchant, non-interest and payment service banks; other financial institutions, mobile money operators and payment service providers.
The circular prescribes the ‘implementation guidance’ on the collection and remittance of the National Cybersecurity Levy of 0.5% on all electronic transactions.
What followed was a firestorm of discontent across Nigeria over a new levy. The Central Bank’s (CBN) plan to raise funds for cybersecurity has backfired, landing like a heavy stone on citizens and businesses already weighed down by economic woes.
This new levy is seen as a final straw for many. Nigerians are grappling with soaring inflation that erodes their purchasing power, and a weakened Naira that stretches their budgets even further.
The additional bite from the cybersecurity levy feels like the government dipping directly into its pockets, especially at a time when every Naira counts.
Beyond the immediate financial strain, there’s a deep skepticism about the levy’s effectiveness. Critics question whether these collected funds will translate into tangible improvements in cybersecurity. Many are demanding more transparent solutions. Solutions that bolster the country’s digital defenses without squeezing the life out of an already struggling population.
Speaking to Techeconomy on the issue, Primidac, a cybersecurity expert and analyst discussed the urgency of providing cybersecurity mechanisms for financial institutions in Nigeria.
He said:
“If I hack into CBN now using software from the dark web I can electronically transfer money into my account or an offshore account without being tranced. or if there is an insider threat, money can be siphoned with no trace.
“Financial institutions are targeted heavily around the world every day. New hacking methods and techniques are being adopted every day, so financial institutions need to strengthen their security,” said Primidac.
“The issue behind the implementation of the cyber security fee is to provide more security and funding for this. Cyber Security is a billion-dollar field and as such needs as much money to carry it out cause much focus is not directed into this, the loss would be more. The real question is will the fee be used for what it is said it would be used for?
The implementation of this new policy has been shrouded in secrecy, which is only serving to further inflame tensions.
Critics have pointed out the lack of transparency and the absence of any meaningful consultation with key stakeholders, particularly those in the financial sector and the general public.
Experts are raising their voices, questioning whether the levy even aligns with existing legal frameworks. Whispers abound of potential conflicts with tax regulations or hidden clauses within the Cybercrime Act that might not explicitly authorize such a broad levy.
On one side, Primidac believes that businesses rather than customers should bear the burden of cybersecurity.
“The business should bear the burden of protection always as people should feel safe using your services. Customers are never to bear the burden of protection in a case of security loopholes or mishaps,” he said.
He added that if Nigeria aims to fully transition into a cashless economy, then it must utilize the necessary tools to ensure that financial institutions are safe from cyber threats.
The cybersecurity levy in Nigeria walks a tightrope between necessity and burden. While the stated goal of bolstering national digital defenses is undeniable, the levy’s impact on the economy and individual Nigerians remains a question mark.
Proponents argue it is a necessary investment, a stitch in time to save the financial system from cyberattacks that could cripple the entire economy. Yet, critics fear it might be a case of bleeding the patient. The levy could stifle the very digital transactions it aims to protect.
