Officials said the framework aims to keep Lagos safe as the state expands its digital economy and implements its smart city plans.

The Commissioner for Information and Strategy, Gbenga Omotoso, said cyber risks are growing as more organisations move services online and rely heavily on digital systems.

He said Lagos, which is one of Africa’s busiest technology centres, now faces greater exposure to attacks targeting companies, financial services, e-commerce platforms and public institutions.

Noting figures from the National Information Technology Development Agency, Omotoso said Nigeria loses more than $500 million every year to cybercrime.

“This underscores the urgency for stronger, coordinated cybersecurity measures to protect businesses, institutions and residents,” he said.

According to the state government, the guidelines provide steps for small businesses, major companies and ministries, departments and agencies.

They include security checks to identify weak points, stronger login protection such as multi-factor authentication, regular software updates, secure data backups, staff training and phishing awareness exercises.

The framework also advises organisations to improve incident reporting and ensure they meet national legal requirements on data protection and cybercrime.

“The document reflects our proactive approach to safeguarding digital assets while enabling innovation and economic growth.

“These guidelines are not regulatory mandates but tools empowering stakeholders with actionable, context-specific recommendations,” Omotoso said.

Lagos said the new cybersecurity guidelines supports existing national laws and policies, including the Cybercrime Act 2024, the Nigeria Data Protection Act 2023 and the National Cybersecurity Policy and Strategy.

Officials stressed that the state guidelines are meant to complement federal regulations, not replace them.

Omotoso said a secure digital environment is necessary to encourage innovation, attract investment and maintain public trust.

He also commended the Lagos State Cybersecurity Advisory Council, chaired by Prof. Fene Osakwe, for leading work on the document.

He acknowledged support from Tubosun Alake, saying his contribution was important to delivering the project.

“A cyber secure Lagos is critical to sustaining its position as a globally competitive technology hub in the 21st century,” he said.

The state government added that it will continue reviewing the guidelines as threats change and new risks emerge, including ransomware and other advanced attacks.

Earlier this year, the Central Bank of Nigeria (CBN) revealed that financial fraud surged by 45% in the past year, with 70% of losses linked to digital platforms such as mobile apps, unregulated fintechs, and virtual asset schemes. 

The Economic and Financial Crimes Commission (EFCC) has also said that Nigeria could be among the countries to lose part of the $10.5 trillion the world stands to forfeit to cybercrime by 2025, with more than 2,300 cases reported every single day.

So, while we are celebrating progress, more people using apps to pay bills, more traders moving money with a tap of the phone, the other situation is that cybercrime is growing just as fast, if not faster. And it is not just the numbers that are frightening; it is the fact that we are unprepared for the scale of the problem.

Nigeria’s digital economy is expanding at a pace few imagined a decade ago. From mobile banking to online trading platforms, the transition to digital is bolstering how people and businesses move money. But then, there is the high cost that we can no longer ignore, and this is the surge in cybercrime.

The Banking Sector’s Burden

In this tussle, every new defence banks create seems to attract a smarter counterattack from fraudsters.

The surge in cyberattacks has left banks with little choice but to commit more resources to security systems, monitoring tools, and compliance processes. CBN’s fraud data has made it clear that the costs of inaction are higher than the costs of investment.

But this creates a dilemma. Every new layer of authentication, every delay in transaction verification, while essential for safety, can frustrate customers. And as banks invest more, cybercriminals adapt faster, deploying equally advanced tactics to breach these systems. What we are witnessing is an arms race, one that is expensive, relentless, and unavoidable.

Ponzi Schemes and Digital Traps

The Securities and Exchange Commission (SEC) has repeatedly warned about virtual asset frauds and Ponzi-style investment schemes. In 2024 alone, over 30 such schemes were flagged by regulators. Many exploited the language of digital currencies and blockchain to lure small investors. 

The damage goes beyond the immediate victims; it destroys trust in the entire financial system. When the public starts to doubt that digital platforms are safe, adoption slows, and genuine businesses suffer.

This is beyond a tussle between banks and hackers, but between regulators and shadowy schemes feeding off public trust.

Why Nigeria is at Risk

Cybercrime thrives where opportunity meets weakness, and Nigeria provides both. Digital adoption is rapid, but cybersecurity awareness among users is low. Enforcement of existing regulations is patchy, and the frameworks themselves usually lag behind the pace of innovation. 

At the same time, a troubling reality is that unemployment is feeding into the cybercrime economy. For many young people, fraud, whether through phishing scams or so-called “Yahoo Yahoo”, is seen as a viable path to survival.

The True Cost of Digital Growth

The impact of unchecked cybercrime runs deeper than balance sheets:

• Financial cost: Billions lost yearly, alongside increased budgets for cybersecurity infrastructure.
• Trust cost: Users lose trust in digital channels, sabotaging the cashless economy drive.
• Policy cost: Regulators try to meet up, introducing rushed directives that may repress innovation.
• Opportunity cost: Investors may think twice about putting money into Nigeria’s fintech ecosystem if risks appear unmanageable.

These layers of cost collectively threaten to slow down the momentum Nigeria has built in digital scale.

Countries like India and Kenya have confronted similar challenges. India’s digital public infrastructure includes stronger user authentication protocols, while Kenya has leaned on regulatory sandboxes to test fintech innovations under supervision. 

These examples show that progress and protection can go hand in hand. Nigeria does not lack capacity, but what is missing is a coordinated, enforced, and forward-looking cybersecurity strategy.

To contain the threat, several steps are urgent:

1. Regulatory enforcement: CBN, NITDA, and SEC must demand minimum cybersecurity standards for all digital service providers.
2. Public education: Cybersecurity literacy campaigns are as important as financial literacy. Users must recognise threats before they click.
3. Shared intelligence: Banks, telcos, fintechs, and regulators should collaborate on real-time data sharing about fraud attempts.
4. Investment in talent: Nigeria needs to build its pool of cybersecurity experts and make it a career path worth pursuing.

We cannot celebrate digital progress while ignoring the holes in the foundation. Every fraudulent transfer, every compromised account, chips away at public trust in Nigeria’s digital resilience. 

The question is not whether cybercrime will continue — it will. The real question is whether Nigeria is prepared to pay the price of protecting its digital economy, or whether the cost of inaction will outweigh the progress we have worked so hard to achieve. These and more are steps in the right direction that could help overcome Nigeria’s cybersecurity challenge.