Latest Headlines
Expert Identifies Factors for Nigeria’s Low Rating in Global Cybersecurity Index
Emma Okonji
Founder, GoLegit Africa and immediate past President, Cyber Security Experts Association of Nigeria (CSEAN)), Remi Afon, has identified some factors why Nigeria was rated low in the latest Global Cybersecurity Index 2024, released recently by the International Telecommunication Union (ITU).
Afon, who blamed the poor ranking on the attitude of the government in addressing the country’s cybersecurity issues, called on the federal government to as a matter of urgency, fix her cybersecurity shortcomings, in order to protect Nigeria’s cyberspace and improve the country’s image in future global rating.
The Global Cybersecurity Index (GCI 2024), ranked Nigeria among Tier 3 countries in the world, and categorised countries into five tiers, with Tier 1 representing the highest level of cybersecurity commitment across legal, technical, organisational, capacity-building, and cooperative pillars.
The ranking placed Nigeria in Tier 3, which is part of a group of 105 countries that have expanded digital infrastructure but are still working to develop comprehensive cybersecurity frameworks.
Afon, in a statement, said the ITU Global Cybersecurity Index (GCI) 2024, underscored the urgent need for Nigeria to address its cybersecurity shortcomings.
According to him, “Despite being Africa’s largest economy and a rising tech hub, Nigeria’s performance in the GCI reflects several deep-rooted challenges that hinder its ability to effectively secure its digital infrastructure. In contrast, other African countries such as Mauritius, Rwanda, Ghana, Tanzania, and Kenya have made significant strides in cybersecurity, positioning them as regional leaders.”
While some progress has been made in recent years, Nigeria’s rating reveals several areas in need of urgent attention. “These include the implementation of existing cybersecurity policies, investment in cybersecurity capacity building, and the revision of outdated legal frameworks. Without swift reforms, Nigeria’s digital ecosystem remains vulnerable to a range of cyber threats,” Afon said.
He highlighted some of the key factors that must have contributed to Nigeria’s low rating to include: Lack of Implementation of the National Cybersecurity Policy and Strategy (NCPS), Inadequate Capacity Building, Outdated Cybercrime Legislation, Underfunding of Cybersecurity Initiatives, Delayed Operationalisation of the National Cybersecurity Coordination Centre (NCCC), and Inactivity of the Cybercrime Advisory Council.
In the area of National Cybersecurity Policy, Afon said the lack of concrete implementation, limited its effectiveness, and that the policy is yet to be fully operationalised across government and private sectors, leading to fragmented and uncoordinated efforts in addressing cybersecurity challenges in the country.
In the area of capacity building, he said: “A significant issue for Nigeria is the lack of investment in capacity building. Government agencies and critical sectors lack the trained personnel and resources to handle growing cyber threats. There are limited training programmes aimed at developing cybersecurity expertise within public institutions, leaving the country underprepared to respond to cyber incidents.”
He also said the country’s legal framework lacked provisions for addressing emerging threats such as ransomware, advanced cyber espionage, deepfakes, and other AI-enhanced cyber-attacks, adding that without updates, law enforcement agencies face difficulties in effectively prosecuting cybercriminals, leaving gaps in Nigeria’s cyber defences.
While insisting that Nigeria’s cybersecurity efforts are largely underfunded, Afon said there were several delays in the operationalisation of its cybersecurity efforts, which have resulted in a lack of national coordination, thus weakening Nigeria’s response to cyber incidents.
In his statement, he clearly stated that the Cybercrime Advisory Council, intended to provide strategic oversight on cybersecurity matters, has remained largely inactive.
To improve Nigeria’s cybersecurity standing and safeguard her digital infrastructure, government must take decisive action, Afon said.
He therefore recommended the full implementation of the National Cybersecurity Policy and Strategy. He said government must invest in developing a skilled cybersecurity workforce, through partnerships with international organisations and NGOs like Cyber Security Experts Association of Nigeria, and roll out training programmes and initiatives that would promote cybersecurity education and awareness.
He also called for an update in the Cybercrime Act of 2015 to address modern cyber threats such as ransomware, Internet of Things (IoT) attacks, AI-related cyber-attacks and other advanced cybercrimes.
He strongly advised the government to increase funding of cybersecurity initiatives in order to build the infrastructure and human capital needed to respond to cyber threats, and to revitalise the Cybercrime Advisory Council, insisting that a functioning council will ensure that cybersecurity efforts are cohesive and aligned with global best practices.