Nigeria Mandates Cybersecurity Breach Disclosure Across All Sectors

In a significant move to enhance cybersecurity transparency, Nigeria’s tech regulator, the National Information Technology Development Agency (NITDA), announced that all organizations—not just financial institutions—must now disclose cyberattacks or share threat intelligence.

This directive follows years of efforts to improve reporting from banks and fintech companies, which have shown limited compliance despite existing mandates. Only 37% of financial institutions reported fraud incidents in 2023, resulting in over $3.8 million in losses across nearly 15,000 incidents.

The new requirement extends this expectation to all sectors, aiming to create a more interconnected and informed cybersecurity landscape. NITDA is coordinating with other government agencies—including the Office of the National Security Adviser and the Ministry of Communications—to implement these changes.

This aligns with broader trends across Africa, where countries like Kenya and South Africa have already implemented similar transparency measures through legislation like POPIA in South Africa.

The move comes as cyberattacks become increasingly frequent and interconnected globally. By requiring organizations to disclose breaches, regulators hope to improve threat detection, response capabilities, and overall cybersecurity posture nationwide.