• Nigeria drafts new telecom cybersecurity framework for 2026 rollout
• Rules cover incident management, risk assessment, information sharing
• Africa now world’s most targeted region for cyberattacks

Nigeria's telecommunications regulator, the Nigerian Communications Commission (NCC), is preparing a new regulatory framework to bolster cybersecurity in the sector. The draft, developed with support from the World Bank by the consulting firm CyberNover, was unveiled last week at a workshop in Abuja.

Scheduled for implementation in 2026, the framework aims to protect critical infrastructure and millions of users from a surge in cyberattacks. It will impose new standards on telecom operators for incident management, risk assessment, information sharing, and cooperation with authorities.

"Both state and non-state actors are targeting essential sectors—including ours – through coordinated cyber and physical attacks," said Abraham Oshadami, the NCC's Executive Commissioner for Technical Services. "These attacks frequently target control systems and data integrity, underscoring the critical risks posed to operational technology (OT)—especially in our sector."

This new regulation will build upon Nigeria's 2015 Cybercrime Prevention Act and the 2023 Data Protection Act. It comes as African countries face increasing cyber threats due to rapid digital transformation. According to Check Point Software Technologies' "Global Threat Intelligence" report, released in July 2025, Africa has become the world's most targeted region for cyberattacks, with an average of 3,374 attacks per week.

Nigeria alone recorded 6,101 weekly attacks, followed by Angola with 3,731 and Kenya with 3,468. By providing a clear and harmonized framework for the sector's response, Nigeria hopes to improve network resilience, strengthen consumer confidence, and attract more investment into its digital ecosystem.

The country's cybersecurity standing has room for improvement. In 2024, the International Telecommunication Union (ITU) classified Nigeria as a Tier 3 country with a score of 82.4 out of 100 on the Global Cybersecurity Index.

Adoni Conrad Quenum