With a population exceeding 250 million, largely young and increasingly urban, Nigeria has become one of Africa’s most dynamic digital markets.

Yet this progress comes with growing risk. As connectivity expands, so does exposure to cyber threats. The same systems powering innovation now enable intrusion, fraud, and disruption at scale.

By early 2026, Nigerian organisations were recording some of the highest volumes of cyberattacks on the continent.

Cybersecurity is no longer a technical concern, it is a national priority affecting financial stability, elections, infrastructure, and public trust.

Nigeria’s current framework, anchored by the Cybercrime Advisory Council (CAC) and the National Cybersecurity Coordination Centre (NCCC), was designed for an earlier era. While useful, it is no longer sufficient.

Today’s threats, ransomware, AI-driven fraud, deepfakes, and attacks on critical infrastructure, require a more robust, centralised response.

The reality is clear: Nigeria urgently needs a National Cybersecurity Council, established by law, empowered with authority, and accountable, to coordinate national policy, enforce standards, and lead incident response.

From Cybercrime to National Security Risk

Cyber threats in Nigeria have evolved significantly. What once consisted of opportunistic scams has become a sophisticated, global ecosystem.

Threat actors now include organised syndicates and ransomware groups using advanced tools and artificial intelligence.

A new frontier is emerging in human-AI fraud. Phishing messages are now highly convincing. Deepfake audio and video can be used to authorise transactions.

Synthetic identities blend stolen data with fabricated profiles. These tactics target not just individuals, but entire business processes.

Ransomware, in particular, has matured into a major threat. Attackers no longer just encrypt systems—they steal data and threaten public exposure.

Financial institutions, telecom operators, and government agencies are prime targets due to the sensitive data they manage.

The cost is significant. Beyond financial losses, cyber incidents lead to downtime, reputational damage, regulatory penalties, and erosion of trust, ultimately slowing digital adoption and investment.

Progress, but Persistent Gaps

Nigeria has made progress. Regulators in banking and telecoms have improved baseline security. Many organisations now operate security centres and use stronger authentication systems. The cybersecurity workforce is also growing.

However, national readiness remains fragmented. Responsibilities are spread across multiple agencies, leading to overlaps and gaps.

The CAC, by design, lacks the authority to enforce standards or coordinate large-scale responses. In a major cyber incident, unclear leadership could worsen the impact.

The talent gap is another challenge. Demand for cybersecurity professionals exceeds supply, and skilled experts are often recruited abroad.

Smaller organisations, including SMEs, hospitals, and state institutions, struggle to maintain adequate security, leaving vulnerabilities that attackers exploit.

The Case for Central Coordination

Nigeria’s cyber risk is rising alongside its digital economy. Investments in fintech, cloud services, and digital infrastructure continue to grow. However, without coordination, reforms risk becoming inconsistent and ineffective.

Global examples show what works. The United States established CISA as a central hub for cybersecurity. The United Kingdom’s NCSC provides leadership in crisis coordination and public guidance. Similar institutions in Canada and the European Union demonstrate the value of centralised governance.

Nigeria needs its own equivalent, a central authority with the mandate and capacity to act decisively.

What a National Cybersecurity Council Should Do

A National Cybersecurity Council would provide strategic direction and operational coordination. Its core responsibilities should include:

• Setting national cybersecurity standards across sectors
• Coordinating incident response during major cyber events
• Facilitating intelligence sharing between government and industry
• Building national cybersecurity capacity and workforce development
• Leading public awareness and trust-building initiatives

The Council must also support critical sectors, finance, energy, telecoms, and healthcare, through regular risk assessments and response exercises.

Designing for Impact

To succeed, the Council must be more than another committee. It should be backed by legislation, properly funded, and chaired at the highest level to ensure authority across agencies.

It should include key government bodies, regulators, and state representatives, with structured engagement with the private sector and academia. An independent technical advisory panel is essential to ensure expertise and accountability.

Transparency will also be critical. Regular public reports on cyber risks, incident trends, and national readiness will build trust among citizens and investors.

A Practical Agenda for 2026 and Beyond

Nigeria must prioritise real risk reduction. Key focus areas should include:

• Adopting Zero Trust security models across public and private sectors
• Strengthening identity and access controls
• Enhancing fraud detection in the growing cashless economy
• Protecting critical infrastructure through regular testing and resilience planning
• Leveraging AI responsibly for faster threat detection and response

Cybersecurity diplomacy should also be strengthened through international cooperation on cybercrime and intelligence sharing.

A National Imperative

Nigeria’s digital future is inevitable, and full of opportunity. But without strong cybersecurity governance, that future remains vulnerable.

A National Cybersecurity Council is not optional; it is essential. It represents the architecture of trust required for a resilient digital economy.

Nigeria is already a target. The real question is whether it will respond with the coordination, capability, and leadership required.

If it does, the country will not only lead Africa’s digital economy, it will secure it.

The pervasive applications of the Information and Communication Technology (ICT) means, we live in a hyper-connected world that is increasingly becoming connected on the Internet and its associated information networks and operating space, commonly referred to as the cyberspace.

As of April 2024, 5.44 billion people worldwide were internet users, which is 67.1% of the global population. This is an annual growth rate of 1.8%.

Of those users, 5.07 billion, or 62.6% of the world’s population, were also social media users, according to Statista.

In Nigeria, it is also noteworthy that active Internet subscriptions totaled 161,977,883 as at January 2024, reflecting a substantial increase from the 156,244,368 subscriptions in December 2023.

The Internet penetration remained robust at 42.53 percent, with broadband subscriptions totaling 92,195,937 million.

Consequently, private and public organisations are continuously migrating their operations and services online, just as modern industrial facilities and production systems are also increasingly connected to computer networks for their control and security.

As the critical digital infrastructures continue to connect to computer and information networks; in the nearest future, nations would rely on these networks for essential service delivery.

Therefore, the cyberspace has become a driving force for productivity and development, which makes the protection of Critical Information Infrastructure a national security responsibility requiring government, public and private sector to collaborate and synergise.

On the other hand, increase in Internet connectivity is also associated proliferation of attack vectors, thus, increasing vulnerability of critical systems to attacks by criminals, non-state and state actors.

A Nigeria Inter-Bank Settlement System (NIBSS’) report shows that, while losses to fraud in the financial industry in the rose from N5.1billion as at first quarter to N9.5 billion as at July 2023.

37 Sent to Jail over eFraud – EFCC

In meeting Government goal of ensuring a secure cyberspace for Nigeria, Section 41 (b) of the Cybercrime (Prohibition, Prevention, etc) Act, 2015 mandates (now amended) the Office of the National Security Adviser (ONSA) to “ensure formulation and effective implementation of a comprehensive National Cybersesurity Strategy and a National Cybersecurity Policy for Nigeria”.

In furtherance of this mandate, ONSA has developed an Action for implementing the National Cybersecurity Stratgy. The objective of the Action Plan is to outline government priorities, plan and direction for implementing the strategy.

To this end, the draft Action Plan identifies suggested activities, roles and responsibilities of key stakeholders with deliverables, timeline and Key Performance Indicators (KPI) for measuring progress towards effective implementation of the National Cybersecurity Strategy.

One of such stakeholders is the Nigeria Computer Society. However, the national executive council of the Society is wondering why the Federal Government has not deemed it necessary to include NCS on the National Cybersecurity Council hence they are calling for urgent review.

This, the NCS’ NEC said, is to ensure the inclusion of the 45-year-old foremost IT Professional Group in Nigeria, on the Cybersecurity Council as stipulated in the Nigeria’s Cybercrime Act and the Cybercrime Prohibition and Prevention Act 2004 (as Amended).

Techeconomy’s researches show that the National Security Adviser’s office (ONSA) coordinates the efforts of the security and law enforcement agencies in accordance with the 2015 Cybercrime Act (now 2024 amended) while the Attorney-General of the Federation strengthens and updates Nigeria’s current cybercrime legislative frameworks.

Speaking to journalists in Lagos, Dr. Muhammad Sirajo Aliyu, president of Nigeria Computer Society (NCS), said that the non-inclusion of the NCS in the Cybersecurity Council, as stated in the amended Cybercrime Act 2024, is a matter of concern.

He said that NCS has been the voice of Information Technology professionals for the past four decades now.  “Presently with over 20,000 members spread across all sectors of the economy, NCS continues to expand and grow in might and relevance.

The National Executive Council (NEC) under my leadership is determined to be strategic, innovative, and forward-looking in the running of the affairs of our great society. I want to assure you that we have made NCS the only platform for promoting IT development and enhancing corporate relevance. Together we shall move the Information Technology profession to desirable heights in Nigeria.

“Thus, as a key stakeholder in Nigeria’s cybersecurity ecosystem, the NCS is committed to contributing its expertise and resources towards enhancing national cybersecurity. We urge relevant authorities to reconsider this decision and ensure that all relevant stakeholders are adequately represented in decision-making processes concerning cybersecurity”, Dr. Aliyu said.

He said IT professionals should be involved in the implementation of the Act which offers Nigerian authorities an efficient, cohesive, and all-encompassing legal, regulatory, and institutional framework for the outlawing, averting, identifying, prosecuting, and punishing of cybercrimes.

On the Cybersecurity levy, the NCS President said,

“It is a good development that the government has reversed itself; had it been stakeholders’ inputs where incorporated, the embarrassing situation would have been curtailed”.

On his part, Dr. Charles Onyeukwu, deputy president of NCS, commended the Federal Government on the push for AI inclusion into the national development plans, through the Federal Ministry of Communications, Innovation and Digital Economy.

He however, reiterated that NCS deserves more presence and recognitions in the government sphere as they (NCS members) are expects in information technology.

“We want to see government invite us to make contributions towards IT related policies. As experts we continue to research on new ways of doing things and are always ready to contribute during policy formulation.

Prof. Adesina Sodiya, the immediate past president of NCC also said that government needs to listen more to the stakeholders.

According to him, “When the Cybercrime Act 2015 was up for a review, we were invited, but didn’t hear any time a public hearing was held. The news came as a surprise that the Act has been amended and passed.

“Any crime that affects critical national infrastructure like cybercrime must be curbed. However, you do not cut off the head to cure the headache.

“On Financial Institutions, they experience breaches almost all the time. We are interested in working with them on strategic approach to have a robust system,” he said.