The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 is Nigeria’s primary legislation dealing with cybercrime. It criminalises a wide range of digital offences and imposes specific obligations on businesses operating in the digital space. Understanding the Act is essential for any company that relies on digital infrastructure.
Overview of the Cybercrimes Act 2015
The Act provides a comprehensive legal framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria. It has been amended by the Cybercrimes Amendment Act 2024.
Key Offences
Unlawful access to computer systems, denial of service attacks, computer-related fraud, identity theft, cyber-stalking, phishing, electronic card fraud, and interception of electronic communications. Penalties range from fines to 10 years custodial sentences.
Business Obligations
Record Keeping
Internet service providers and online platforms must retain traffic data and subscriber information for a minimum of two years.
Reporting Obligations
Financial institutions must report cyber incidents to the relevant regulatory/authority per CBN guidelines.
Practical Steps
Implement a cybersecurity policy covering access controls, password management, and incident response. Retain traffic data for at least two years. Train staff to recognise phishing attempts. Appoint a responsible person for cybersecurity incident reporting.
Contact Marturion Legal for cybersecurity compliance advice.