Nigeria’s telecommunications operators will now be required to notify regulators of major cybersecurity incidents within hours of detection under a new regulatory framework designed to strengthen the country’s digital defence architecture.
The policy, introduced by the Nigerian Communications Commission, forms part of an effort to reinforce cyber resilience across Nigeria’s communications infrastructure as the sector becomes increasingly central to economic activity, financial services and national security.
Under the newly introduced Cyber Resilience Framework for the Nigerian Communications Sector (CRF-NCS), telecom operators must report significant cybersecurity breaches to the regulator within four hours after they are detected. The rule applies to licensed service providers across the telecommunications ecosystem, including major operators such as MTN Nigeria, Airtel Nigeria, 9mobile and Globacom.
According to the commission, the framework is intended to improve coordination in responding to cyber incidents, allowing threats to be quickly identified and contained before they spread across interconnected networks.
As part of the new reporting process, telecom operators are expected to provide detailed incident reports using a standardised cybersecurity notification template. The NCC said this structured approach will help the regulator gather timely information, support sector-wide threat analysis and protect both critical national information infrastructure and consumer data.
The CRF-NCS is structured around five core pillars that guide how telecom companies should approach cybersecurity governance and risk management. These pillars include governance and compliance, risk management, cybersecurity safeguards, incident response and resilience management, as well as capacity building and awareness.
Through these pillars, service providers are expected to establish internal cybersecurity governance frameworks, conduct periodic risk assessments and strengthen their ability to detect, respond to and recover from cyber incidents. Operators are also required to participate in joint sectoral threat intelligence initiatives coordinated by the NCC’s Computer Security Incident Response Team (CSIRT).
The commission said the framework also places strong emphasis on building cybersecurity awareness across telecom organisations. Boards of directors, technical staff and other employees are expected to receive ongoing training aimed at strengthening internal cyber risk management practices. Customer awareness is also highlighted as a key component, reflecting the growing role of digital users in maintaining a secure online environment.
In addition to existing security challenges, the framework recognises the emergence of new technological risks associated with evolving digital infrastructure. It therefore includes guidance on areas such as artificial intelligence and machine learning, quantum-secure cryptography, cloud computing and the cybersecurity implications of virtualised networks.
Telecom operators have been given a transition period of 12 months to fully comply with the requirements of the framework. During this period, the regulator will monitor progress through a set of key performance indicators designed to measure improvements in cybersecurity capability across the sector.
The NCC said the move reflects the growing strategic importance of digital infrastructure in Nigeria’s economy.
“The growing reliance on digital infrastructure has made the communications sector a critical enabler of economic stability, national security and citizen well-being. The CRF-NCS provides a unified approach to cyber resilience, aligning with national cybersecurity policies and international best practices while ensuring protection of consumer data, privacy and trust,” the commission said.
The measures also come at a time when global and domestic concerns over cyber threats continue to rise. Telecommunications companies increasingly handle vast volumes of digital traffic ranging from internet connectivity to mobile banking transactions and messaging services, making them attractive targets for cyber criminals.
Industry analysts note that telecom networks serve as key gateways for digital activity, meaning that vulnerabilities within the sector can have ripple effects across banking systems, government services and other critical sectors of the economy.
By tightening incident reporting timelines and introducing sector-wide standards for cyber risk management, the NCC hopes to strengthen Nigeria’s ability to detect and respond to cyber threats more effectively.
Ultimately the regulator says the framework is aimed at improving the resilience of telecom infrastructure, protecting consumer information and building public confidence in Nigeria’s rapidly expanding digital economy.
What will you leave when you’re gone?