FG to Introduce Stricter Cybersecurity Rules as AI-Powered Cyberattacks Rise

The Federal Government plans to roll out a new cybersecurity framework this year to curb the growing wave of AI-driven cyberattacks targeting banks, fintech platforms, businesses and government agencies.

The announcement was made by the Director-General of the National Information Technology Development Agency (NITDA), Kashifu Inuwa Abdullahi, amid concerns that rapid digital adoption across Nigeria’s financial and public sectors has outpaced existing cyber defences.

Why the New Framework Is Coming Now

According to Abdullahi, the proposed framework — expected to be implemented later this year — will introduce mandatory cybersecurity spending benchmarks for organisations operating in Nigeria.

He noted that many companies underinvest in cybersecurity, often assuming they are unlikely targets.

The framework will also:

Introduce strict timelines for reporting data breaches

Establish threat intelligence-sharing systems between public and private sectors

Define coordinated national response protocols for major cyber incidents

Authorities say the urgency reflects a global shift, as artificial intelligence dramatically increases the scale, speed and sophistication of cyberattacks on financial systems and public infrastructure.

Backstory: Rising Losses and Global Regulatory Tightening

Nigeria’s move aligns with a broader global regulatory push toward stricter cybersecurity enforcement. From the European Union to African regulators, governments are mandating tougher breach-reporting requirements, risk controls and cross-sector intelligence sharing.

The urgency in Nigeria is amplified by the country’s fast-expanding digital economy, home to major fintech players such as Flutterwave and OPay.

According to the 2025 Nigeria Cybercrime Assessment by the United Nations Office on Drugs and Crime (UNODC), Nigeria lost an estimated ₦1.1 trillion across banks, telecom firms and government agencies between 2017 and 2023.

The report noted that losses continue to rise as cyberattacks grow more complex and cryptocurrencies are increasingly used to launder proceeds.

AI Is Changing the Nature of Cyber Threats

Industry experts say artificial intelligence has fundamentally altered the threat landscape.

Bloomberg reports that Nigeria’s financial sector experienced a 150% surge in AI-driven attacks last year, according to Lanre Ogungbe, CEO of Prembly, a cybersecurity and digital identity firm.

Deloitte has also warned that ransomware and phishing attacks are expected to increase as more services, payments and records migrate online.

A chief information security officer at a leading Nigerian bank revealed that AI is now being deployed by attackers to:

Craft highly personalised phishing emails

Scan networks for vulnerabilities

Identify high-value institutional targets

Bypass conventional security filters

Ogungbe added that Nigeria’s instant payment infrastructure presents a unique vulnerability. Near real-time transfers leave only seconds for fraud detection systems to analyse transaction patterns and block suspicious activity before completion.

How the New Framework Differs from Existing Policies

In 2021, the Federal Government introduced the National Cybersecurity Policy and Strategy to provide overarching direction for protecting Nigeria’s digital ecosystem.

However, while the policy outlines coordination principles and deterrence mechanisms, it does not impose uniform, enforceable operational requirements across all organisations.

Sector-specific regulators have taken steps:

The Central Bank of Nigeria (CBN) issued risk-based cybersecurity guidelines for financial institutions.

The Nigerian Communications Commission (NCC) is developing a cybersecurity framework for the telecom industry, which now serves over 172 million active subscribers and 141 million internet users.

The new NITDA-led framework is expected to introduce more concrete compliance obligations and minimum standards that apply across sectors.

What This Means for Businesses

If implemented as proposed, the framework could:

Increase compliance costs for businesses

Raise board-level accountability for cyber resilience

Improve national incident response coordination

Reduce systemic risk in Nigeria’s financial and digital infrastructure

For fintech companies, banks, telecom operators and government contractors, cybersecurity may shift from being an IT function to a core governance and investment priority.