Any crime or illegal activity committed in the use of computers and network is referred to as a cybercrime. The Cybercrimes (Prohibition and Prevention, etc.) Act 2015 ("Cybercrimes Act"), is the principal legislation for the regulation of all activities in the Nigeria cyber space involving a computer and internet network. The Cybercrimes Act is vital to the national security of Nigeria and the President is empowered by it to implement procedures and guidelines for the advancement of national security.

Forms of cybercrimes according to the Cybercrimes Act:

  • Hacking
  • Denial-of-service attacks
  • Phishing
  • Infection of IT systems with malware
  • Distribution, sale or offering for sale of hardware, software or other tools used to commit cybercrime
  • Possession or use of hardware, software or other tools used to commit cybercrime
  • Identity theft or identity fraud
  • Electronic theft
  • Unsolicited penetration testing
  • Cyberstalking
  • Cybersquatting
  • Cyber terrorism
  • Manipulation of ATM/POS Terminals
  • Breach of confidence by service providers

Penalties for Cybercrimes

The penalties for various cybercrimes are provided for under the Cybercrimes Act, they range from fines to imprisonment or both. The court may also order forfeiture of proceeds. The Act criminalizes cybercrimes as well as compensates the cybercrime victims. Civil actions may lie against perpetrators of cybercrimes such as defamation, misrepresentation, breach of confidence, breach of contract, and others. Also, actions may be instituted for the enforcement of Fundamental Right breached under the 1999 Constitution (as amended).

Applicable Laws to cybersecurity in Nigeria:

  1. The 1999 Constitution of the Federal Republic of Nigeria (as amended) ("CFRN").
  2. The Cybercrimes (Prohibition and Prevention, etc.) Act, 2015.
  3. Nigeria Data Protection Act, 2023 ("NDPA").
  4. Nigeria Data Protection Regulation, 2019 ("NDPR").
  5. Nigeria Data Protection Regulation Implementation Framework, 2020.
  6. The Advance Fee Fraud and other Related Offences Act, 2006.
  7. Terrorism (Prevention and Prohibition) Act, 2022.
  8. The NCC Guidelines for the Provision of Internet Service.
  9. Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions, 2022.
  10. The Economic and Financial Crimes Commission (Establishment, etc.) Act, 2004.
  11. The Money Laundering (Prevention and Prohibition) Act, 2022.
  12. Nigerian Communications Communication Act, 2003.

Major Regulators of cyber security in Nigeria under the Cybercrimes Act:

  1. Nigeria Data Protection Commission ("NDPC") is responsible for enforcing the provisions of the NDPA and NDPR.
  2. The Nigerian Communications Commission ("NCC") is responsible for enforcing the provisions of the Guidelines for the Provision of Internet Service.
  3. The National Security Adviser ("NSA") is responsible for maintaining the National CERT Coordination Centre responsible for managing cyber-incidents in Nigeria.
  4. The Attorney General of the Federation ("AGF") supervises the implementation of the Cybercrimes Act, whilst law enforcement agencies are responsible for enforcing the provisions of the Cybercrimes Act.
  5. The CBN is responsible for regulating the activities of financial institutions in Nigeria.

Preventive measures against cyber attacks

The Cybercrimes Act permits organizations to use their suitable and effective measures to protect and prevent their IT systems from cybercriminals. Some government regulators like the NCC are saddled with the responsibility of releasing periodic information to the public on cybersecurity.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.