The Federal Government is set to introduce a comprehensive cybersecurity framework this year in response to a sharp rise in artificial intelligence–driven cyberattacks targeting banks, businesses and government agencies across Nigeria.
The planned framework was disclosed by the Director-General of the National Information Technology Development Agency (NITDA), Kashifu Inuwa Abdullahi, amid growing concerns that the country’s rapid digital transformation has outpaced its existing cyber defences.
Stricter rules, mandatory spending
According to Abdullahi, the new framework will compel organisations operating in Nigeria to meet minimum cybersecurity investment thresholds, a move aimed at closing what authorities see as a dangerous gap in corporate cyber preparedness.
“Many organisations underinvest in cybersecurity because they believe they are not likely targets,” he said, warning that this assumption is increasingly risky as attackers deploy AI tools that allow them to scale attacks quickly and cheaply.
The framework will also introduce mandatory timelines for reporting data breaches, establish platforms for real-time threat intelligence sharing between the public and private sectors, and set out coordinated response protocols for large-scale cyber incidents.
Officials say the measures are designed to strengthen national resilience as AI accelerates both the speed and sophistication of cyberattacks on financial systems, payment platforms and public infrastructure worldwide.
Why it matters
Nigeria’s move mirrors a global shift toward tougher cybersecurity regulation. Across Europe, Africa and parts of Asia, governments are tightening breach-reporting rules, enforcing minimum risk controls and expanding information-sharing obligations as cyber threats escalate.
The urgency is particularly acute in Nigeria, home to one of Africa’s fastest-growing digital economies and major fintech players such as Flutterwave and OPay. While digital platforms have expanded financial inclusion, they have also increased exposure to cybercrime.
A 2025 Nigeria Cybercrime Assessment by the United Nations Office on Drugs and Crime estimated that Nigeria lost about N1.1 trillion to cybercrime between 2017 and 2023, affecting banks, telecoms firms and government agencies. Losses, the report said, continue to rise as attacks become more complex and cryptocurrencies are increasingly used for money laundering.
Experts warn of escalating risks
Industry experts say the threat landscape has changed dramatically. Bloomberg reports that Nigeria’s financial sector recorded a 150 per cent surge in AI-driven attacks last year, according to Lanre Ogungbe, chief executive of Prembly, a cybersecurity and digital identity firm.
Deloitte has also warned that ransomware and phishing attacks are likely to intensify as more payments, records and public services move online. The firm noted that sophisticated cyber tools once limited to organised criminal groups are now widely accessible, lowering the barrier to entry for attackers.
A chief information security officer at a leading Nigerian bank said AI is now being used to generate highly personalised phishing messages, rapidly scan systems for vulnerabilities and identify high-value targets. This, he said, allows attackers to bypass controls and spread breaches more quickly across banks and fintech platforms.
Ogungbe added that Nigeria’s instant payment infrastructure has become a critical vulnerability, as near-real-time transfers leave little time for fraud detection. “Systems now have only seconds to analyse massive data flows, separate legitimate transactions from AI-driven malicious activity, and block suspicious transfers before they go through,” he said.
Building on existing efforts
The planned framework will build on earlier initiatives. In 2021, the Federal Government launched the National Cybersecurity Policy and Strategy, which provides broad guidance for protecting Nigeria’s digital space and coordinating responses to cyber threats. However, the policy does not impose detailed, enforceable operational requirements across all sectors.
At the industry level, the Central Bank of Nigeria has issued risk-based cybersecurity guidelines for financial institutions, mandating minimum standards to safeguard systems and customer data.
Meanwhile, the Nigerian Communications Commission is developing a separate cybersecurity framework for the telecoms industry, a sector that has expanded from fewer than 500,000 telephone lines in 2001 to more than 172 million active subscriptions and 141 million internet users today.
With AI-powered cyber threats rising, officials say the new national framework is intended to close regulatory gaps and ensure that Nigeria’s digital growth is matched by equally robust cyber defences.
