Nigeria’s Cybersecurity Struggles: Why African Countries Like Mauritius and Rwanda Are Leading the Charge

By Remi Afon

The Global Cybersecurity Index (GCI) 2024, recently released by the International Telecommunication Union (ITU), underscores the urgent need for Nigeria to address its cybersecurity shortcomings. Despite being Africa’s largest economy and a rising tech hub, Nigeria’s performance in the GCI reflects several deep-rooted challenges that hinder its ability to effectively secure its digital infrastructure. In contrast, other African countries such as Mauritius, Rwanda, Ghana, Tanzania, and Kenya have made significant strides in cybersecurity, positioning them as regional leaders.

This analysis reviews Nigeria’s performance in the GCI 2024, identifies key factors behind its lower ranking, and draws lessons from African countries that have achieved higher standings.

Nigeria’s Performance in the GCI 2024

In the Global Cybersecurity Index (GCI) 2024, Nigeria is classified within the “Establishing” tier, reflecting significant gaps in its cybersecurity framework. The index assesses countries on five key pillars: legal measures, technical measures, organisational measures, capacity building, and cooperation. Nigeria’s ranking is indicative of systemic issues that prevent the country from establishing a resilient and coordinated cybersecurity structure.

While some progress has been made in recent years, Nigeria’s performance reveals several areas in need of urgent attention. These include the implementation of existing cybersecurity policies, investment in cybersecurity capacity building, and the revision of outdated legal frameworks. Without swift reforms, Nigeria’s digital ecosystem remains vulnerable to a range of cyber threats.

Key Factors Contributing to Nigeria’s Ranking

1. Lack of Implementation of the National Cybersecurity Policy and Strategy (NCPS)

Nigeria launched its National Cybersecurity Policy and Strategy (NCPS) in 2015 and was updated in 2021, with the aim to provide a comprehensive approach to securing its digital infrastructure. However, the lack of concrete implementation has limited its effectiveness. The policy has yet to be fully operationalised across government and private sectors, leading to fragmented and uncoordinated efforts in addressing cybersecurity challenges.

2. Inadequate Capacity Building

A significant issue for Nigeria is the lack of investment in capacity building. Government agencies and critical sectors lack the trained personnel and resources to handle growing cyber threats. There are limited training programs aimed at developing cybersecurity expertise within public institutions, leaving the country underprepared to respond to cyber incidents.

3. Outdated Cybercrime Legislation

Nigeria’s Cybercrime Act of 2015 is outdated and insufficient to address modern cybersecurity challenges. The legal framework lacks provisions for addressing emerging threats such as ransomware, advanced cyber espionage, deepfakes, and other AI-enhanced cyber-attacks. Without updates, law enforcement agencies face difficulties in effectively prosecuting cybercriminals, leaving gaps in Nigeria’s cyber defences.

4. Underfunding of Cybersecurity Initiatives

Nigeria’s cybersecurity efforts suffer from chronic underfunding. The country has not allocated sufficient financial resources to strengthen its cybersecurity infrastructure, including key initiatives such as the National Cybersecurity Coordination Centre (NCCC). Without adequate funding, the ability to build capacity, enhance infrastructure, and respond to cyber threats remains severely limited.

5. Delayed Operationalisation of the National Cybersecurity Coordination Centre (NCCC)

The NCCC was established to serve as a central coordinating body for national cybersecurity efforts. However, delays in its operationalisation have resulted in a lack of national coordination, weakening Nigeria’s response to cyber incidents. This gap has left critical sectors such as finance, telecommunications, and energy more vulnerable to attacks.

6. Inactivity of the Cybercrime Advisory Council

The Cybercrime Advisory Council, intended to provide strategic oversight on cybersecurity matters, has remained largely inactive. Without the guidance and leadership from this advisory body, Nigeria’s cybersecurity policies lack the high-level coordination needed to effectively tackle cyber threats.

Learning from Africa’s Cybersecurity Leaders

While Nigeria faces significant challenges, other African countries have made impressive progress in securing their digital environments. Mauritius, Rwanda, and Kenya are notable examples of nations that have successfully implemented comprehensive cybersecurity strategies, leading to higher rankings in the GCI 2024.

Mauritius: A Cybersecurity Success Story

Mauritius ranks in the “Role-modelling” tier, the highest among African countries in the GCI. Its success is driven by a comprehensive and well-implemented Cybersecurity and Cybercrime Strategy, which provides clear guidelines for both the public and private sectors.

Capacity Building: Mauritius has prioritised capacity building by investing heavily in developing its cybersecurity workforce. It has established ongoing training programs and partnerships with international organisations to upskill its cybersecurity professionals.

Modern Cybercrime Laws: The country’s legal framework is regularly updated to address emerging cyber threats. This ensures that Mauritius can respond effectively to the latest developments in cybercrime, providing a legal basis for prosecuting cybercriminals.

Rwanda: A Model of Focused Governance

Rwanda, ranked in the “Role-modelling” tier, has implemented a centralised and focused approach to cybersecurity through its National Cyber Security Authority (NCSA).

National Coordination: Rwanda’s NCSA plays a key role in coordinating national cybersecurity efforts, ensuring that government agencies and private sector players are aligned in protecting the country’s digital infrastructure.

Investment in Capacity: Rwanda has invested significantly in building a skilled cybersecurity workforce. This effort has been instrumental in increasing the country’s ability to detect, prevent, and respond to cyber threats.

Kenya: Building Cyber Resilience

Kenya also ranked in the ” Role-modelling” tier, has taken major steps to strengthen its cybersecurity infrastructure, driven by its growing role as a tech hub in Africa.

Public-Private Partnerships: Kenya has fostered strong public-private partnerships in cybersecurity, recognizing the importance of involving the private sector in national cyber defence strategies.

Legal Framework: Kenya’s Computer Misuse and Cybercrimes Act (2018) provides a modern legal foundation to tackle cybercrime, making it easier for authorities to address both domestic and international cyber threats.

Recommendations for Nigeria’s Cybersecurity Improvement

To improve our cybersecurity standing and safeguard our digital infrastructure, Nigeria must take decisive action. The following steps are critical to strengthening our cybersecurity framework:

Full Implementation of the NCPS: The Nigerian government must prioritize the full implementation of the National Cybersecurity Policy and Strategy. This includes setting clear action plans, monitoring progress, and ensuring compliance across sectors.

Invest in Capacity Building: Nigeria must invest in developing a skilled cybersecurity workforce. This can be achieved through partnerships with international organisations, NGOs like Cyber Security Experts Association of Nigeria (CSEAN), roll out training programmes, and initiatives that promote cybersecurity education and awareness.

Update Cybercrime Laws: The Cybercrime Act of 2015 should be revised to address modern cyber threats such as ransomware, IoT attacks, AI-related cyber-attacks and other advanced cybercrimes. A strong legal framework will empower law enforcement to effectively prosecute cybercriminals.

Increase Funding for Cybersecurity: Adequate funding is essential for Nigeria to build the infrastructure and human capital needed to respond to cyber threats. The government should allocate sufficient resources to support cybersecurity initiatives and capacity-building efforts.

Operationalise the NCCC: The National Cybersecurity Coordination Centre should be fully operationalised to provide central coordination for national cybersecurity efforts. This will enhance Nigeria’s ability to respond to incidents and coordinate actions across sectors.

Revitalise the Cybercrime Advisory Council: The Cybercrime Advisory Council must be reactivated to provide strategic leadership and oversight. A functioning council will ensure that cybersecurity efforts are cohesive and aligned with global best practices.

Conclusion

Nigeria’s position in the Global Cybersecurity Index 2024 reflects critical gaps in its approach to cybersecurity, particularly in the areas of policy implementation, capacity building, legal frameworks, and national coordination. As the digital landscape evolves, Nigeria faces growing threats that require immediate and strategic action.

By learning from the successes of Mauritius, Rwanda, Ghana, Tanzania, and Kenya, Nigeria can take the necessary steps to improve its cybersecurity standing and better protect its digital infrastructure. With the right investments, updated legal frameworks, and coordinated efforts, Nigeria can enhance its resilience to cyber threats and secure its place as a leader in Africa’s digital economy.

Remi Afon is the Founder GoLegit Africa (www.golegit.africa) and immediate past President, Cyber Security Experts Association of Nigeria (CSEAN)). He wrote from Lagos

Related Articles