Online Safety & Cybercrimes: Navigating Nigeria's Cybersecurity Compliance And Safety Laws

Cybercrime has become a constant source of alarming headlines worldwide, dominating news cycles across tabloids and electronic media. A significant number of individuals globally have fallen victim to phishing schemes, fake internet accounts used to impersonate others, cruel cyberbullying, intrusive stalking, hacking, blackmail threats, and a steady stream of fake news, primarily disseminated through the internet. Unfortunately, the majority of victims choose to remain silent, often due to fear of the unknown, ignorance of relevant laws, or a lack of resources to file complaints with the appropriate agencies.

At the forefront of the silence and inactivity, especially after suffering from internet related menace, is ignorance. A good number of Nigerians assume that cybersecurity laws only apply to persons within the tech ecosystem. Most people are unaware of the legal framework that ensures online safety and combats internet crimes.

Nigeria, through the instrumentality of the constitution and other cybercrime laws and data privacy regulations, whether applying to the general public or within specified industries, has established a series of legal protections which serve to combat cybercrime.

The major problem, leading to the current state of lawlessness and inactivity, is that people remain unaware of these laws and how to employ them to protect themselves, as well as which institutions to contact in cases that demand the intervention of the relevant regulatory institutions.

According to a recent survey, 35% of all global cyberattacks were ransomware (a type of cyber-attack that encrypts the victim's personal data until a ransom is paid). There was an increase of 84% in ransomware over the previous year. It also revealed that 70% of the ransomware targeted small and medium scale Businesses. Additionally, Phishing attacks (a type of cybercrime where malicious actors attempt to trick individuals into revealing sensitive information, such as usernames, passwords, credit card details, and other personal information) increased by 1,265%. These attacks are mainly driven by the massive developments in Gen AI.¹

The Court of Appeal in Daily Times Nig. Plc v. Arum (2023) 17 NWLR (Pt. 1914) 559 on the implication of publishing defamatory matter online, stated as follows;

'A publication made online carries far-reaching implications. A major feature of texts, pictures and every material placed on the Internet is universal accessibility with minimal protocols, anywhere and everywhere there is access to the Internet. Publishing through the Internet or making a publication online implies a desire to make the materials so published available globally.' (P. 575, paras. C-E)

The Hon.Justice Hannatu Jummai Sankey, JCA made a striking comment in the case of Jubril v. FRN (2018) LPELR43993 (CA);

"It must be disheartening to all right-thinking Nigerians that the rampant, atrocious and egocentric crime has unleashed dire consequences on the integrity and image of the country. This has both short-term and long-term effects on society and the nation as a whole. Therefore, although the punishment prescribed by law, may appear harsh and draconian, it is hoped that it will deter like-minded persons from embarking on such criminal ventures."

This article aims to break down Nigeria's cybersecurity compliance framework and online safety laws for every Nigerian.

THE FOUNDATION OF CYBERSECURITY LAW IN NIGERIA.

The special relationship between the law and social phenomena, where the law either preempts criminal or civil wrongs or it reacts to criminalise action, has played its role in the cybersecurity issue in Nigeria. From the rise of digital fraud to data breaches, cyberbullying, cyberstalking and other digital malfeasance, the cybersecurity legal frameworks in Nigeria were birthed. The framework evolved through the lenses of constitutional protections, statutory intervention, and sector-specific regulations. Today, the cybersecurity legal framework of the country is a multi-layer system.

Let us consider, presently, the relevant layers of the Nigerian Cybersecurity legal framework:

1. THE 1999 CONSTITUTION (AS ALTERED)

The 1999 constitution, being the groundnum of the Nigerian legal system itself, is the bedrock of Nigeria's cyber laws. The idea that every Nigerian has a constitutional right to their own privacy, which includes privacy in the digital space, is provided for by Section 37 of the constitution. It is on this constitutional foundation that the entire individual protection in cybersecurity is built.

2. CYBERCRIMES (PROHIBITION AND PREVENTION, ETC.) AMENDMENT ACT, 2024

The Cybersecurity (Prohibition and Prevention, etc) Amendment Act was first promulgated in 2015 and was further amended in 2024. It is Nigeria's primary cyber law. The Act is significant because of two important provisions:

1. It criminalises a broad range of cybercrimes (Sections 6, 8, 9,10, 11, 12 of the Act)
2. It imposes a responsibility on service providers, banks, and telecoms to help detect and report digital crimes (Section 7 of the Act).

The Act also offers a thorough framework for fighting violations such as the following:

1. Hacking and Unauthorised Access
2. Cyberstalking and Online Bullying
3. Phishing, Identity Theft, and Financial Fraud
4. Pornography and Online Child Exploitation
5. Cyberterrorism and strikes on key infrastructure, etc.

THE NIGERIAN DATA PROTECTION ACT 2023.

Prior to 2023, the framework of Data protection in Nigeria was essentially regulated by the Nigeria Data Protection Regulation (NDPR) 2019, which introduced baseline rules for handling personal data. However, with the passage of the Nigeria Data Protection Act (NDPA), 2023, the country took a major leap forward with regards to Data Protection, bringing the regulation of data in Nigeria in line with global best practices. This marked a significant advancement for the country in the area of data protection.

THE ADVANCE FEE FRAUD AND OTHER RELATED OFFENCES ACT, 2006

The Advance Fee Fraud and other Related Offences Act, 2006is a legislation which aims to criminalise and prescribe punishment for different forms of fraudulent activities, including, but not limited to advance fee fraud commonly known as "419" and related offences. It criminalises specific acts, provides for consequent penalties, and procedures for prosecuting such crimes. The primary focus of the law is on protecting individuals as well as financial institutions from criminal fraudulent activities.

Key provisions of the Act include:

1. Prohibition of Advance Fee Fraud:
   Section 1 of the Act explicitly prohibits obtaining property or inducing the delivery of property, whether in Nigeria or elsewhere, through impersonation or false pretences with the intention to commit fraud. This provision covers circumstances where money or other digital or physical assets are obtained under false pretences or in exchange for promises of delivery of goods or services that were never delivered.
2. Other Fraudulent Offences:
   Beyond proscription of '419' activities, the Act also proscribes other associated offences, such as using premises for fraudulent activities and inducing people to travel to Nigeria for fraudulent purposes.

THE ECONOMIC AND FINANCIAL CRIMES COMMISSION (ESTABLISHMENT, ETC.) ACT, 2004 AND THE MONEY LAUNDERING (PREVENTION AND PROHIBITION) ACT, 2022.

The EFCC Act, together with the Money Laundering Act, directs the attention of the anti-money laundering and financial crimes agency's incessant attention to cyber-based financial offences while, at the same time, paying special attention to digital asset scams and illegal online financial transactions. For instance, the recent case of Crypto Bridge Exchange 'CIBEX' and its alleged fraudulent activities is still under investigation by the agency.

TERRORISM (PREVENTION AND PROHIBITION) ACT, 2022

The Terrorism (Prevention) Act, 2011, was the first statutory intervention directed towards the prevention of terrorism in Nigeria. However, in 2022, the Act was further amended to the present Terrorism (Prevention and Prohibition) Act, 2022. The law establishes a comprehensive legal framework for detecting, preventing, and prosecuting acts of terrorism and related activities. The Act also addresses terrorism financing, proliferation of weapons of mass destruction, and related matters.

A very important provision of the Act, for the purpose, is the provision on terrorism Financing. Section 13 (2) (e) and 21 (1) of the Act criminalise financing terrorism and solicitation of funds through any means, including digital platforms for the propagation of any acts of terrorism.

SECTOR-SPECIFIC LAWS THAT PROMOTE CYBERSECURITY.

NIGERIAN COMMUNICATIONS ACT, 2003

The Nigerian Communications Act of 2003 (NCA) primarily focuses on liberalising the telecommunications sector and establishing the Nigerian Communications Commission (NCC) as the regulatory body. While the Act lays the foundation for telecommunications regulation, it contains limited provisions specifically addressing cybersecurity and data protection. However, the Nigerian Communications Commission, empowered by the Act, plays a role in ensuring cybersecurity through its licensing and regulatory functions. Other related legislation, like the Cybercrime Act, complements the NCA in addressing cybersecurity threats.

Additionally, the Nigerian Communications Act of 2003, together with NCC Guidelines, establishes rules for telecom providers to require SIM registration while protecting ISP customer data.

NIGERIAN BAR ASSOCIATION CYBERSECURITY GUIDELINE, 2024

The Guidelines is a product of the Nigeria Bar Association aimed at imposing the responsibility to protect client data and digital ethics on lawyers in Nigeria.

Article 2 (a) of the Guideline requires Nigerian lawyers to implement and maintain appropriate cybersecurity measures to protect client information against unauthorised access, disclosure, alteration, or destruction.

Under Article 5 of the Guidelines, Nigerian lawyers and legal organisations must implement robust and secure network configurations to safeguard against unauthorised access and cyber threats. This includes, but not limited to:

1. Firewalls and Intrusion Detection Systems: Deploying and maintaining firewalls and intrusion detection systems to monitor and control incoming and outgoing network traffic, preventing malicious activities.
2. Secure Network Protocols: Utilising secure network protocols, such as Virtual Private Networks (VPNs), for all remote access to ensure data confidentiality and integrity.
3. Regular Assessments and Audits: Conducting periodic assessments and audits of network configurations to proactively identify and remediate vulnerabilities. This includes regularly checking for unauthorised devices or access points connected to the network.
4. Network Segmentation: Where appropriate, segmenting the network to isolate sensitive data from general office networks. This measure limits potential exposure and contains the impact in the event of a network breach.

CBN CYBERSECURITY FRAMEWORK AND GUIDELINES FOR DEPOSIT MONEY BANKS AND PAYMENT SERVICE BANKS, 2024.

The Central Bank of Nigeria (CBN) recently issued a Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and Payment Service Banks (PSBs). The framework came into effect on July 1, 2024, outlining the irreducible cybersecurity requirements for these Deposit Money Banks and Payment Service Banks to improve their capability to counter cyber threats. The framework places importance on governance structure, risk management, resilience, and quick response cyberattacks.

The purpose of the framework is to serve as guidance to DMBs and PSBs in developing and administering vigorous cybersecurity programs to safeguard their systems, data, and customers from cyberattacks.

Why Cyber Crimes Still Persist in Nigeria

The Nigerian legal system possesses strength, but its implementation suffers because of insufficient funding, along with fragmented enforcement procedures. The majority of police personnel lack proper training to handle digital crime investigations. Some lack the technical tools. The lack of seriousness from some law enforcement personnel towards online threats is also a major problem.

Similarly, the majority of Nigerians avoid reporting cybercrimes because they doubt authorities will handle their cases seriously, or they lack information about proper reporting procedures.

RECENT CASES OF CYBERSECURITY HACKS IN NIGERIA.

1. In 2021, suspected hackers infiltrated the website of the Delta state government, placing job advertisements on the portal with a recruitment fee of ₦8,500. The Delta state government promptly released a statement informing the public that its website had been hacked and disowning the said job advertisement.²
2. In 2013, a medical student of the Delta State University hacked the phone of the then Delta State Governor, Emmanuel Uduaghan, sending a text message to the institution's vice chancellor, Prof Eric Arubayi, instructing him to make sure that the hacker obtains credits in specific courses, which he failed.³
3. In July 2025, hackers infiltrated the phone of the Osun State Governor. Spokesperson of the governor, Mr Olawale Rasheed, disclosed that one of the phone numbers of his principal has been hacked.⁴
4. In July 2025, a hacker in Imo state entered the roof of a commercial bank and waited until close of business before hacking the computers of the bank. The bank resumed the next day, only to start their computers but with the response "Restarting. Click OK to accept." he was subsequently discovered and arrested.⁵
5. In April 2025, suspected hackers hacked the systems of an unnamed bank, and moved a reported 10 billion into other undisclosed accounts. The Police authorities subsequently brought an application before the Federal High Court in Abuja to place a Post No Deposit (PND) on all the accounts the monies were moved to, so as to track and prevent the dissipation of the fund.⁶

THE CONNECTION BETWEEN CYBERSECURITY AND LABOUR RELATIONS IN NIGERIA.

The connection between cybercrime and unemployment in Nigeria is a significant issue for experts and policymakers alike. As the digital economy grows, so does the complexity of cybercriminal activities. Nigeria, undergoing rapid digital transformation, is becoming a focal point for cybercriminals due to widespread internet access, weak cybersecurity, and societal vulnerabilities.

Unemployment, especially among youth, is a major problem in Nigeria. The effect of cybercrime on job markets, including its potential to eliminate legal jobs, hinder economic growth, and raise unemployment, has not been adequately explored in Nigerian economic discussions. Cybercrimes in Nigeria include financial fraud, identity theft, internet fraud, hacking, and online extortion. These crimes disrupt the digital economy, causing substantial financial losses to businesses, government, and individuals. Consequently, funds that could be used for job creation and economic development are instead spent fighting cybercrime, thus limiting job growth. Furthermore, the rise of cybercrime often creates job insecurity and an unfavourable economic climate that discourages investment in legitimate industries, worsening unemployment.⁷

WHAT EVERY NIGERIAN NEEDS TO KNOW ABOUT CYBERSECURITY.

1. Need to protect Your Data: Your data requires protection; you should avoid sharing passwords and bank details, and national ID numbers without proper caution. In addition, you need to be wary of accepting terms and conditions on websites without thoroughly reading and understanding those terms. These are means to trade off your personal details without active participation.
2. Know your rights: the first step to protecting your rights is knowing that such rights in fact exist. The next step is to take decisive steps by reporting any form of cybersecurity breaches, such as cyberbullying, cyberstalking as well as blackmail, fraud, and data breaches to the appropriate agencies, including but not limited to; Nigeria Police Cybercrime Unit or the Economic and Financial Crimes Commission, or the Nigeria Data Protection Commission.
3. Update your internet security: Make your security a priority by implementing strong passwords, together with two-factor authentication and antivirus software.
4. Speak out: Online harassment and scams require victims to voice their situations. The law provides solutions for these cases.
5. Always obtain permission before posting content: The distribution of private photos or chats without approval or consent from the owner can result in criminal prosecution.

CONCLUSION.

Online safety is non-negotiable. This starts with an individual's duty to protect personal information while understanding digital rights and alerting the relevant authorities about suspicious activities. It does not end there.

Also, Nigeria really needs to advance cybersecurity from its current policy status to a national priority so it can compete effectively in the global digital economy. The achievement of cybersecurity requires equal measures of state responsibility and institutional unity, together with continuous funding for digital infrastructure development and enhanced law enforcement capabilities.

The law must not only exist on paper, but it must be enforced in practice. The same level of attention that goes into creating these laws for both punishing cybercriminals and safeguarding digital rights of citizens and businesses, and institutions must be dedicated by policymakers to develop public education programmes and provide enforcement training for investigative agency resources. With these in place, the internet can become a safer platform for expression, information, and innovation.

Footnotes

1 SentinelOne, 'Key Cybersecurity Statistics for 2025' < https://www.sentinelone.com/cybersecurity-101/cybersecurity/cyber-security-statistics/ ^> accessed 11 July 2025.

2 The Punch, 'Fraudsters hack into Delta website, fix job application fee at N8,500' < https://punchng.com/fraudsters-hack-into-delta-website-fix-job-application-fee-at-n8500/ > accessed 11 July 2025.

3 The Vanguard, 'How hacker stunned Gov Uduaghan, cloned his phone to solicit favours' < https://www.vanguardngr.com/2013/05/how-hacker-stunned-gov-uduaghan-cloned-his-phone-to-solicit-favours/ > accessed 11 July 2025.

4 The Vanguard, 'Scammers hack Osun gov's phone number —Aide' < https://www.vanguardngr.com/2024/07/scammers-hack-osun-govs-phone-number-aide/ > accessed 11 July 2025.

5 Daily Trust, 'How man who sneaked into bank through toilet was caught hacking systems' < https://dailytrust.com/how-man-who-sneaked-into-bank-through-toilet-was-caught-hacking-systems/ > accessed 11 July 2025.

6 Legit 'Scammers Hack Nigerian Bank, Steal N10 Billion, 818 Accounts Identified as Other Banks Upgrade' < https://www.legit.ng/business-economy/money/1619636-scammers-hacks-nigerian-bank-steal-n10-billion-818-accounts-frozen-zenith-upgrade/ > accessed 11 July 2025.

7 Joonas Jouko, 'The Relationship Between Cybercrime and Unemployment in Nigeria' < https://www.researchgate.net/publication/388659828_The_Relationship_Between_Cybercrime_and_Unemployment_in_Nigeria > accessed 11 July 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.