By Prince Osuagwu, Hi-Tech Editor
Despite the existence of the Nigerian Cybercrimes (Prevention, Prohibition, etc.) and Amendment Act of 2024, Nigeria’s cyberspace has faced escalating challenges in recent years, with cyberattacks inflicting substantial financial losses on banks, telecommunications companies, and government institutions.
Yet, even as the threats escalate, the government appears to pay passive attention and the country’s enforcement agents are seemingly misdirecting their activities towards suppressing dissent rather than bolstering cyber security.
Although the security agencies have flatly denied that they are misapplying enforcement of the act, branding those holding such opinions as ignorant, civil society activists and notable lawyers are insisting that it’s either the agencies are not conversant with the letters of the Act or totally mischievous, with the manner they’re going about harassing social critics in the name of the Act.
The Force Public Relations Officer, ACP Olumuyiwa Adejobi, told Vanguard: “It is ignorant to say we are hiding under the Cybercrime Act to suppress dissent.
In fact, the truth is that many people are not conversant with the Cybercrime Act until one or two people were arrested and prosecuted.
“Our activities have now awakened their consciousness and awareness of the law, particularly in cyber-bullying or stalking and the likes”.
But, prominent lawyer and Senior Advocate of Nigeria, Mr.Kunle Edun, SAN in a response, said: “Sadly, most of these cases are never concluded because government officials or rich men allegedly defamed or cyber-stalked, never come to court to testify. This is abuse of power and the courts must never encourage it.
“The weaponization of the Cybercrimes Act by investigating and prosecuting agencies is only meant to decimate dissenting voices.
“Charges of cyber-stalking and cyber-bulling are often filed to intimidate critics of government, politically exposed persons and businessmen, which is contrary to the letters and spirit of Section 39 of the Constitution, which provides that every Nigerian shall have a right to freedom of expression, including freedom to hold opinions and to receive and impart ideas and information without interference.
“Section 39(2) of the same Constitution guarantees every citizen the right to own and operate any medium for the dissemination of information, ideas and opinions.
“Sedition is no longer a law in Nigeria. By virtue of the afore-cited provisions of the Constitution, public criticism of government and public officials is a constitutional right and can never be criminalized.
“Sadly, the EFCC, DSS and the Police continue to major in the minor, while billions of naira have been lost in the banking and finance industry because of the activities of electronic fraudsters, popularly called yahoo yahoo boys. They do far more damage to the economy and image of the country.”
Financial sector losses
The financial sector has been particularly vulnerable to cyber threats. Between 2017 and 2023, Nigerian financial institutions, including commercial banks, fintech firms and network service providers, were reported to have suffered losses exceeding N1.1 trillion due to various cyber threats such as hacking, ransomware, and malware attacks.
In one notable incident in September 2022, cyber-criminals exploited vulnerabilities in an old-generation bank, transferring N523.337 million from a customer’s account to 18 different accounts within the same bank over a three-day period.
A top official at Cybervergent, a renowned global cybersecurity technology company, told Vanguard that in 2024, Nigeria’s financial sector faced an unprecedented wave of cyberattacks that exposed critical vulnerabilities, letting cybercriminals steal over N53.4 billion.
The hard truth
The source said: “The hard truth is that last year was marked by high-profile breaches that shook the banking sector to its core. One of the most devastating incidents involved a Tier-1 Nigerian bank, where hackers siphoned N10 billion in a single attack. The fallout was so severe that a Federal High Court ordered the freezing of over 800 accounts suspected of being linked to the fraud. Similarly, another leading financial institution was fined N555.8 million by the Nigeria Data Protection Commission, NDPC, for failing to protect customers’ data. Other banks and financial institutions also faced hefty penalties for cybersecurity lapses, resulting in significant financial and reputational damage.
“These breaches underscore a harsh reality that despite rapid digitization, Nigerian banks remain alarmingly vulnerable to cyber threats. For customers, the impact is deeply personal; savings wiped out, investments lost and financial stability shattered. At least in 2024 alone, cybercriminals went away with over N53.4 billion of financial sector’s money. With that, the message is clear: cybersecurity is no longer a luxury; it is an absolute necessity.”
Broader economic impact
Cyber-attacks are not just a threat to individual institutions; they are also a threat to Nigeria’s economic stability and growth.
The ripple effects of these cyber-attacks on the financial sector, is the erosion of trust in digital banking which has even pushed many Nigerians back to cash transactions, stalling the country’s progress towards financial inclusion.
However, the attacks extend far beyond the banking sector. The telecommunications sector has also been targeted, with cyberattacks disrupting services and compromising user data. Government agencies have equally been attacked, with valuable and critical country secret information compromised.
These breaches not only erode trust but also pose significant financial burdens due to the costs associated with mitigating them, and potential regulatory fines they can attract.
For instance, the National Bureau of Statistics, NBS, was said to have once allocated N35 million to bolster its cybersecurity defences after a hack.
According to the Consumer Awareness and Financial Enlightenment Initiative, CAIEI, such incidents highlight the broader economic toll of cybercrime, which could cost Nigeria an estimated $6 trillion by 2030.
Passive government attention
Incidentally, the Federal Government is aware that Nigeria is vulnerable to cyberattacks.
The National Security Adviser, Nuhu Ribadu, at a workshop for policymakers and sector regulators on critical national information infrastructure protection and resilience in Abuja, recently, admitted that urgent steps must be taken, else, criminals will overrun the country’s cyber space.
He said the country recently faced numerous attacks on its installations.
Hear him: “We are now confronted with heightened threats of attacks on our telecommunications systems, banking platforms, power and energy grids, military networks, transportation systems, national databases, elections, digital systems, and other critical assets.
“We are also confronted with threats of online financial scams and fraud perpetuated by nefarious individuals and groups within and outside the country, which is persistently denting our economy and, indeed, our international image.
“This, and other attacks on military networks, national database and digital system, among others, have a ripple effect on the nation’s economy.
Misapplication of the Cybercrimes Act
While cyber threats escalate, enforcement of the Cybercrimes Act has often been alleged to tilt towards silencing government critics:
In December 2024, lawyer and activist, Dele Farotimi, was arrested following allegations of defamation linked to his book critiquing Nigeria’s criminal justice system. His detention sparked nationwide protests and debates over freedom of expression.
Also in December 2024, social media activist, Olamide Thomas, was arrested and charged under the Cybercrimes Act for allegedly “insulting” President Bola Ahmed Tinubu’s son, Seyi, on Facebook. Thomas had criticized Seyi’s alleged influence on government contracts, prompting swift action from law enforcement.
A popular Tiktoker, Olumide Ogunsanwo, also known as “Seaking” was recently arrested for making a viral video, speaking against the extension of the IGP’s tenure in office. Immediately the video hit the airwaves, he was promptly arrested and detained. It took the intervention of journalist and activist, Omoyele Sowore and his team’s prompt rejection of the initial bail condition requiring a Level 12 or 10 civil servants, to force a swift agreement to administrative bail, before he was released from Police custody.
In 2019, Sowore himself was arrested and charged with treason, money laundering, and cybercrime offenses after organizing the #RevolutionNow protest. The charges included granting interviews aimed at causing insult and ill-will towards the President.
In 2023, facebook user, Chioma Okoli, was arrested for publishing an ‘offensive’ review of a particular brand of tomatoes on her facebook page.
Okoli, on September 17, published a product review on her Facebook page, saying “I went to buy tinned tomatoes yesterday that I will use to make stew. I didn’t see Gino and Sonia.
“So, I decided to buy this one. When I opened it, I decided to taste it. Omo! Sugar was just too much. Ha, biko, let me know if you have used this tinned tomato before because this is an Ike gwuru situation.”
Although the makers of the said tomato paste dismissed her claims as untrue, they went ahead to arrest and detain her for several months, even when it was claimed the woman was pregnant.
Dangers of improperly aligned enforcement
The list of these diversions of cybersecurity resources towards suppressing dissent is endless but the unfortunate reality is that it has several detrimental effects, including increased vulnerability, economic losses, and systemic distrust, among other negative impacts.
A renowned lawyer and social critic, Mr Nwachukwu Odoemelam said with attention focused on critics, genuine cyber threats may go unaddressed, leaving critical infrastructure and financial systems exposed.
He added that “unmitigated cyberattacks can lead to significant financial losses, affecting economic stability and investor confidence. That is even as public trust in digital systems and government institutions may decline if citizens perceive that laws are enforced selectively.
Securing Nigeria’s Cyberspace
To enhance Nigeria’s cybersecurity posture, Odoemelam advocated refocusing of enforcement strategy, strengthening of infrastructure, promoting transparency and genuine and deliberate engagement of critical stakeholders across related ecosystems
For him, Nigeria is not a lost case when it comes to the issue of porous cyberspace.
He said the ability to re-energise efforts towards prioritising the application of the Cybercrimes Act would determine how easy it would be to mitigate genuine cyber threats rather than political dissent.
“We must also ensure that actions taken under the Cybercrimes Act are transparent and subject to judicial oversight to prevent misuse. Most importantly there should be a deliberate effort to foster collaboration among government agencies, private sector entities, and civil society to develop comprehensive cybersecurity strategies,” he added.
Abusing the cyberstalking provision of the Act
However, it appears the security agencies are depending more on Section 24 of the Act which deals with cyberstalking.
That section of the Act outlines various acts that constitute this offence.
They include: Sending Offensive Messages: Knowingly or intentionally sending a message that is offensive, obscene, or menacing, with penalties including a fine of up to N7,000,000 or imprisonment for up to 3 years.
– Sending False Messages: Knowingly or intentionally sending a false message to cause annoyance, inconvenience, or anxiety, with similar penalties.
– Bullying, Threatening, or Harassing: Transmitting communications to bully, threaten, or harass another person, placing them in fear of death, violence, or bodily harm, with penalties including imprisonment for up to 10 years and/or a minimum fine of N25,000,000.
– Threats to kidnap or harm: Transmitting communications containing threats to kidnap or harm another person, with penalties including imprisonment for up to 10 years and/or a minimum fine of N25,000,000.
– Threats to Harm Property or Reputation: Transmitting communications containing threats to harm property or reputation, with penalties including imprisonment for up to 5 years and/or a minimum fine of N15,000,000.
Source; Vanguard News
