The Federal Government has announced plans to establish a National Cybersecurity Coordination Council, a move that signals a fundamental shift in how Nigeria intends to manage its growing exposure to digital threats.
Communications Minister Bosun Tijani announced the initiative following a string of cybersecurity incidents that disrupted operations across major private institutions and public systems. The announcement comes at a moment when Nigerian organisations are experiencing some of the highest weekly cyber-attack volumes in Africa, with incidents rising into the thousands.
A Platform, Not a Regulator
The proposed body is designed as a coordination mechanism rather than an enforcement authority. It will function as a non-statutory, multi-stakeholder platform with a primary mission to foster trusted information sharing and develop collective defence models to protect Nigeria’s rapidly expanding digital ecosystem.
The government has observed that when a cyberattack targets one institution, others are often at risk too, and isolated responses leave the entire ecosystem exposed. The Council would bring together chief information security officers, cybersecurity professional associations, international technology companies operating in Nigeria, digital security researchers, law enforcement, and civil society organisations.
Who Is Building It
To kickstart the process, the Minister has directed NITDA, the Nigerian Communications Commission, Galaxy Backbone, and the Nigeria Data Protection Commission to form a technical secretariat, which will be domiciled within NITDA and tasked with drafting the initial Terms of Reference for the Council. The formal consultation process is set to begin in April 2026 with a national cybersecurity industry roundtable.
Why the Existing Framework Falls Short
The announcement implicitly acknowledges that Nigeria’s current governance architecture is not keeping pace with modern threats. The Cybercrime Advisory Council, created under the Cybercrimes Act 2015, was built for policy guidance within a narrow cybercrime context, not for the integrated, whole-of-nation cybersecurity governance now required. Its advisory mandate, limited enforcement power, and narrow statutory scope leave the country without a unified authority to set national standards or coordinate crises across critical sectors.
Today’s threat actors range from transnational syndicates to ransomware crews, exploiting leaked credentials, weak identity controls, and the growing use of artificial intelligence, including deepfake audio and video used to authorise payments, and phishing written in near-perfect English.
What Comes Next
The Council’s operational priorities are expected to include the creation of mechanisms for incident response and recovery, alignment of governance and regulatory frameworks to enhance accountability, and the implementation of capacity-building programmes to strengthen the cybersecurity workforce.
For Nigeria’s digital economy to continue attracting investment, the government will need to move quickly from announcement to structure. A coordination council with no statutory authority is only as effective as the trust its members place in it, and that trust will take more than a roundtable to build.
