The Nigerian Communications Commission (NCC) has announced plans to develop a comprehensive cybersecurity framework aimed at protecting Nigeria’s fast-growing telecommunications sector from increasing digital threats.
Executive Vice Chairman of the NCC, Dr Aminu Maida, represented by Abraham Oshadami, Executive Commissioner, Technical Services, revealed the initiative during a Cybersecurity Framework Development Regulatory Meeting held in Lagos on Wednesday.
Dr Maida outlined the dramatic expansion of Nigeria’s telecoms industry, which has grown from under 500,000 connected lines in 2001 to over 172 million active subscribers today, with internet users surpassing 141 million. He said this growth had made the sector a vital contributor to economic development, social inclusion and national progress.
However, he cautioned that this rapid expansion has also exposed the industry to a growing wave of cyber threats, including malware, phishing attacks and ransomware. He noted that Nigeria’s telecommunications infrastructure, which forms a significant part of the country’s critical information systems, remains a high-value target for cybercriminals and hostile actors.
“To address these escalating risks, the NCC is initiating the development of a cybersecurity framework with clear strategic goals,” Maida stated.
He explained that the objectives include building a unified and resilient cybersecurity culture across the industry, enhancing the security of telecom infrastructure, protecting consumer data and privacy, and aligning with Nigeria’s National Cybersecurity Strategy as well as global standards.
The framework will also equip the industry to proactively anticipate, detect, respond to and recover from cyber incidents, while identifying and addressing emerging vulnerabilities.
Maida emphasised that the current regulatory environment, including the Cybercrime (Prohibition, Prevention, etc.) Act of 2015 and the Nigerian Data Protection Act 2023, requires stronger cybersecurity controls, particularly in sectors deemed critical to national infrastructure such as telecommunications.
Citing data from the United Nations Economic Commission for Africa, he noted that a 10 per cent increase in cybersecurity maturity could significantly boost per capita GDP across African nations.
He added that the new framework would establish minimum cybersecurity benchmarks for all licensed operators and would include guidance on incident reporting, risk assessment, data sharing, and cross-sector collaboration.
Dr Maida called on stakeholders including telecom operators, internet service providers, data centre operators, government institutions, academia, and technology firms to contribute actively to the development process.
Also speaking at the event, Abraham Oshadami reiterated the urgency of implementing a robust cybersecurity posture, given the industry’s reliance on digital systems and the rising complexity of cyber risks.
“Cybersecurity is now a critical requirement, not a discretionary one,” Oshadami said, noting that the meeting was convened to gather industry-wide input that will inform a practical and enforceable framework.
Dr Kazeem Durodoye, CEO of cybersecurity firm Cybernovr, delivered a presentation stressing the importance of safeguarding the digital ecosystem in the face of rapid technological advancement.
He said technologies like Open RAN and network virtualisation had significantly changed the threat landscape for 2G, 3G, and 5G systems. He called for a comprehensive approach to cybersecurity that accounts for the sector’s dependencies and provides policymakers with tools to respond to real-time risks.
Durodoye outlined the core principles underpinning the framework’s development, including inclusive stakeholder engagement, preparedness for advanced threats like quantum cryptography, and awareness of how artificial intelligence and machine learning can be exploited in cyberattacks.
He revealed that the draft framework would be circulated to industry participants for review in the coming weeks.
“It will classify licensees into tiers, ensuring that entities handling sensitive data or performing critical functions are subject to enhanced oversight,” Durodoye explained.
Babagana Digima, Chairman of the Committee on the Development of the Cybersecurity Framework, also spoke at the meeting. He said the framework was designed to provide structured cybersecurity governance while closing existing security gaps across the telecoms sector.
He stressed the importance of conducting a baseline study to accurately assess the sector’s current capabilities and vulnerabilities before deploying any new controls.
Digima reaffirmed the Commission’s dedication to working closely with all stakeholders to establish a secure, resilient, and trustworthy digital environment in Nigeria.