Navigating Nigeria’s Cybersecurity Landscape: Opportunities and Challenges
Attending Gitex Global in Dubai recently was an inspiring experience. This time, rather than joining as a speaker or moderator, I engaged in networking, discussing cybersecurity—my area of expertise—with peers, exploring innovative technologies, and examining how different countries and industries are implementing security measures. The conversations highlighted the impressive global progress being made, particularly in Nigeria, where various agencies are working to close cybersecurity gaps. This progress is promising for the country’s digital economy, yet challenges remain.
The Complex Cybersecurity Environment in Nigeria
As an avid cyber expert with a keen interest in Nigeria’s cybersecurity landscape, I have observed that the country’s cybersecurity environment remains complex and fragmented. Overlapping agencies, frameworks, standards, and regulations often create more confusion than clarity. This fragmentation can lead to conflicting guidance, making it challenging for organizations to maintain consistent security measures and creating compliance gaps.
The multitude of standards and frameworks also leads to confusion for organizations navigating sometimes contradictory requirements. This issue has been highlighted in discussions around Nigeria’s cybersecurity framework (Cybersecurity & Privacy Journal, 2021; Nigeria IT Review, 2022). Currently, Nigeria lacks a universal, cross-industry cybersecurity certification program. While there are sector-specific standards in finance and telecommunications, a unified approach is still missing. This lack of standardized certification represents both a gap and an opportunity to establish a program that could drive consistency and build trust across Nigeria’s growing digital economy.
Progress Made by Key Agencies
So far, the National Information Technology Development Agency (NITDA) has made significant contributions toward setting cybersecurity standards. In 2019, NITDA introduced the Nigeria Data Protection Regulation (NDPR) to safeguard personal data and establish data privacy requirements for Nigerian businesses. While not a full cybersecurity certification, the NDPR provides essential guidelines for data protection.
The Central Bank of Nigeria (CBN) has also implemented cybersecurity standards, particularly for financial institutions, addressing threats specific to the financial sector. In 2021, Nigeria launched its National Cybersecurity Policy and Strategy (NCPS), underscoring a commitment to a secure digital environment. This strategy highlights the need for industry compliance and standardized security practices. However, it stops short of establishing a comprehensive, cross-sector cybersecurity certification—something akin to the UK’s Cyber Essentials or Singapore’s Cybersecurity Labelling Scheme.
Learning from Global Best Practices
Countries like the UK, Singapore, and Japan have developed national cybersecurity certifications that bolster their security infrastructure, enhance international trust, and attract foreign investment.
In 2014, the UK introduced Cyber Essentials, encouraging basic cybersecurity practices among businesses. This certification has increased trust in UK small and medium-sized enterprises (SMEs), allowing them to qualify for public sector contracts. Ian Levy, of the UK’s National Cyber Security Centre, noted, “Cyber Essentials has given businesses a standard to aim for, making cybersecurity accessible and trusted.”
Singapore’s Cybersecurity Labelling Scheme (CLS) assigns security labels to Internet of Things (IoT) devices to enhance consumer protection. David Koh, CEO of Singapore’s Cyber Security Agency, stated, “The scheme encourages businesses to prioritize cybersecurity,” elevating awareness and establishing Singapore as a leader in secure digital products.
Japan’s ISMS Conformity Assessment, based on ISO 27001, enables businesses to meet global security requirements. “ISMS certification allows Japanese companies to operate securely in the international market,” said Hiroshi Ito, Director-General of Japan’s Information-technology Promotion Agency.
The Path Forward: NITDA’s Strategic Roadmap
The NITDA Strategic Roadmap and Action Plan 2024 – 2027 (SRAP 2.0) outlines Nigeria’s vision for digital transformation, with cybersecurity as a key pillar. NITDA has stated in its recently published SRAP 2.0 that cybersecurity is crucial for building trust in digital services, emphasizing the need for secure infrastructure resilient to cyber threats. One of its key initiatives is to promote industry-specific cybersecurity certifications, encouraging organizations to align with international standards like ISO 27001. While these efforts are commendable, the introduction of a national certification, owned and mandated by Nigeria, would further elevate the country’s cybersecurity framework.
Recommendations for a National Cybersecurity Certification Program
I strongly recommend that Nigeria establish a tailored National Cybersecurity Certification Program, coordinated by the Office of the National Security Adviser.
Benefits of a National Certification Program
-
Tailored to Nigeria’s Needs: A Nigeria-specific cybersecurity certification could directly address the country’s unique challenges and close existing gaps.
-
Addressing Fragmentation: A unified certification would help tackle the current fragmentation challenges, promoting a more cohesive approach to cybersecurity adaptation across industries.
-
Enhanced Security and Credibility: A unified certification would better protect businesses from cyber risks, fostering a secure environment within Nigeria’s digital economy and enhancing its international reputation.
- Alignment with Global Standards: By establishing minimum security standards across industries, especially those handling sensitive data, Nigeria could address both local and international cybersecurity requirements. Aligning with recognized standards, like ISO 27001, would help Nigerian companies meet international expectations, making them more competitive on the global stage and strengthening cross-border partnerships.
Conclusion
As Nigeria continues to navigate its cybersecurity landscape, the establishment of a national certification program could serve as a cornerstone for building a more secure digital economy. By learning from global best practices and addressing the unique challenges faced by Nigerian organizations, the country can enhance its cybersecurity posture and foster greater trust in its digital services.
– Chika Amadi is a Senior Cyber Security Consultant at the Bank of England, UK.
Disclaimer: This article is entirely the opinion of the writer and does not represent the views of The Whistler.