Nigeria is moving to break what regulators describe as a long-standing culture of silence around cyberattacks, pushing banks, fintechs, and other organisations to disclose breaches or at least share threat intelligence as incidents become more frequent and increasingly interconnected.
Kashifu Abdullahi, director-general of the National Information Technology Development Agency (NITDA), said organisations can no longer afford to treat cyberattacks as isolated or reputational issues, warning that a single breach can quickly cascade across the wider financial and digital ecosystem.
“The landscape is elevated because of AI and other dynamics, and we are all connected,” Abdullahi said on the sidelines of GITEX Africa in Morocco on April 9. “If one organisation is compromised, it can become a launch pad for others.”
His remarks come as cyber incidents continue to affect both private institutions and government agencies, including the Corporate Affairs Commission. Yet reporting levels remain low. In its latest fraud report, the Nigeria Inter-Bank Settlement System (NIBSS) said only 60 of 163 institutions reported fraud incidents in 2023 just 37% compliance. The body noted that failure to report breaches violates a Central Bank of Nigeria circular on industry fraud desks.
The scale of the problem is also growing. Data from the Financial Institutions Training Centre (FITC) showed that fraud cases involving financial institutions reached ₦5.26 billion ($3.81 million) across 14,697 incidents in the third quarter of 2025 alone.
According to Abdullahi, hesitation to disclose incidents is still largely driven by reputational concerns,an approach he believes is outdated in today’s interconnected systems.
“If you look at what happened recently, they exploited a bank, from the bank they got access to Remita, and so on,” he said. “That notion that if I am attacked and I make it public, it will damage my image has to change.”
Regulators are now pushing for a shift from silence to structured information sharing, arguing that faster disclosure could help prevent attacks from spreading across institutions.
NITDA says it is working with the Office of the National Security Adviser and the Ministry of Communications, Innovation, and Digital Economy to strengthen coordination between public and private sector players.
Momentum is also building at policy level. Earlier in April, Minister of Communications, Innovation and Digital Economy Bosun Tijani said the government plans to establish a cybersecurity coordination council. Weeks later, he added that the body will focus on building a national cyber resilience framework anchored on accountability, intelligence sharing, and policy alignment.
The Central Bank of Nigeria has also introduced a cybersecurity self-assessment tool for financial institutions and is formally recognising artificial intelligence as part of its efforts to combat financial crime.
“We are always trying to be ahead of the game,” Abdullahi said.
If implemented, Nigeria’s approach would align with a global trend toward mandatory breach disclosure and coordinated cyber defence. In Europe, the GDPR requires organisations to report certain breaches to users and regulators. Across Africa, countries like Algeria and Kenya have introduced strict timelines for reporting incidents, while South Africa’s POPIA requires notification to both regulators and affected individuals.
The International Monetary Fund has also noted that stronger reporting and information-sharing frameworks significantly improve resilience across financial systems.
For Nigeria, the bet from regulators is clear: more openness whether through disclosure or intelligence sharing could make the digital ecosystem harder to exploit and easier to defend.