Nigeria Moves to Mandate Organisations to Disclose Cyber Attacks Amid Rising Threats

Nigeria’s cyber‑threat landscape has accelerated, driven by AI‑enabled attacks and increasingly interconnected systems. Yet, reporting remains fragmented: the Nigeria Inter‑Bank Settlement System recorded a 37% compliance rate for fraud disclosures in 2023, and the Financial Institutions Training Centre documented $3.8 million in losses across nearly 15,000 incidents in just one quarter. By compelling organisations to disclose breaches or share intelligence, NITDA aims to break the culture of silence that lets a single compromise become a launchpad for broader attacks.

The regulatory response is multi‑pronged. A newly announced cybersecurity coordination council will bring together the Office of the National Security Adviser, the Ministry of Communications and private‑sector players to standardise intelligence sharing and policy alignment. Simultaneously, the Central Bank of Nigeria’s Cybersecurity Self‑Assessment Tool forces banks to evaluate their defenses within 21 days, signalling a shift from reactive to proactive risk management. These steps echo similar mandates in Algeria, Kenya and South Africa, and mirror the EU’s GDPR breach‑notification requirements, positioning Nigeria alongside emerging global best practices.

For businesses, the new disclosure regime promises clearer risk signals and a more resilient financial ecosystem. Investors gain confidence when cyber incidents are transparent, enabling better pricing of cyber‑insurance and capital allocation. Moreover, collective resilience reduces the likelihood of cascading failures that could destabilise the broader economy, a concern highlighted by the IMF. If enforced consistently, Nigeria’s approach could become a model for other emerging markets seeking to balance innovation with robust cyber governance.