Nigeria’s latest cybersecurity push came after breach claims linked to Sterling Bank and Remita drew public attention and forced regulators to respond. The Nigeria Data Protection Commission said it had opened an investigation into alleged data breaches involving both firms and other entities. Soon after, the Federal Government announced plans for a National Cybersecurity Coordination Council to improve cooperation across public and private institutions.
Nigeria has spent years building digital services, digital payments, and online public platforms. Yet recent breach claims exposed a more basic problem. The country had rules, agencies, and security teams, but it still lacked one broad coordination table that could bring everyone together fast when trust came under pressure. The new council plan shows the government now sees coordination as the missing layer.
The pressure point
NDPC said it was investigating alleged or suspected breaches and would examine the nature and scope of any breach, the data involved, the risk to data subjects, and the mitigation steps taken where a breach is confirmed. Reports on the probe said notices of investigation were issued on April 1, and affected parties had begun responding. That distinction matters because public fear often moves faster than verified facts.
Still, breach claims alone can shake confidence in digital finance. They create anxiety around identity documents, account details, and payment records. In a market where millions rely on bank apps and payment platforms every day, trust is part of the product. Once that trust weakens, regulators face pressure to move fast, firms face pressure to explain, and the government faces pressure to show that someone is in charge.
The council plan
The Ministry of Communications, Innovation and Digital Economy said the proposed council will be a non-statutory, multi-stakeholder coordination platform. That description matters because it shows the goal is not to create another regulator. The goal is to gather the people and institutions that already hold pieces of Nigeria’s cyber response and make them work together in a more organised way.
The government said the council will draw participants from chief information security officers across major sectors, cybersecurity professional bodies, the Nigerian Computer Society, international technology providers and OEMs operating in Nigeria, researchers, law enforcement, civil society, and government agencies responsible for cybersecurity, digital infrastructure, and information governance. That list says a lot about how cyber risk works today. A serious incident rarely stays in one lane. It can touch a bank, a cloud provider, a telecom network, a payment switch, and a regulator at the same time.
The ministry also directed NITDA, NCC, Galaxy Backbone, and NDPC to set up a technical coordination secretariat and prepare initial terms of reference for stakeholder engagement. The secretariat will sit within NITDA, and the ministry plans a national cybersecurity industry roundtable in April 2026 to help shape the operating framework. So the government has announced a serious structure and a consultation process. It has not yet unveiled a fully constituted statutory body with fixed powers in law. That point is important for accurate reporting.
The gap it aims to fix
The country already had a National Cybersecurity Policy and Strategy published in 2021, and agencies such as ONSA, NITDA, NCC, and NDPC already play roles across cyber policy, digital infrastructure, communications oversight, and data protection. What the new council adds is a single forum built around faster information sharing, early warning, coordinated response, and practical cooperation across sectors.
That focus feels overdue. In most countries, cyber weakness does not come only from poor tools. It also comes from slow coordination during live incidents. One team holds the logs. Another team holds customer data. Another team handles legal exposure. Another team handles public communication. If those teams do not share information quickly, the incident grows while everyone waits. Nigeria’s proposed council directly targets that problem through trusted threat intelligence sharing, sector-wide resilience protocols, capacity building, incident response support, and cyber risk management.
Banks and payment firms now face harder questions
The Sterling Bank and Remita angle explains why this issue broke into a wider public view. A breach claim tied to a consumer app, a lender, or a payment processor feels personal because it touches money, identity, and daily life. People do not read every cybersecurity policy update, but they do pay attention when a claim suggests customer data or financial systems may have been exposed. That public attention has now pushed cyber governance out of industry circles and into a broader national conversation.
NDPC also made clear that it is looking beyond a single headline incident. The commission said organisations that use digital payment systems without the technical and organisational safeguards required under the Nigeria Data Protection Act will come under wider scrutiny. That warning raises the pressure on banks, fintechs, processors, and service providers. Good security controls still matter, but fast and clear communication now matters just as much when an incident claim breaks in public.
What comes next
The next stage will decide if this council becomes useful or just symbolic. If the planned roundtable leads to clear rules for intelligence sharing, incident escalation, and joint action, Nigeria will strengthen a weak point in its digital system. If the process stalls at consultation, the same coordination gap will return during the next major scare. Cybersecurity only improves when institutions practise cooperation before the next incident, not after it.
Recent breach claims did what years of policy talk failed to do. They pushed cybersecurity coordination to the front of Nigeria’s digital agenda. Now the country needs follow-through, steady industry participation, and a response model that stays active long after the headlines fade.
