Nigeria plans to mandate cyberattack disclosure and threat intel sharing for banks, fintechs, and agencies, as breaches rise and reporting stays low.
Nigeria is preparing rules that would require organisations to disclose cyberattacks. The push targets banks, fintechs, and government agencies, and it also encourages sharing threat intelligence. Regulators say rising AI-enabled attacks make silence risky for the wider ecosystem.
Nigeria cyberattack disclosure is moving from a “nice to have” to a likely compliance requirement.
Kashifu Abdullahi, director general of the National Information Technology Development Agency (NITDA), said organisations must begin disclosing breaches, or at minimum share intelligence about incidents. He spoke to TechCabal on the sidelines of GITEX Africa in Morocco on April 9.
The argument is that systems are connected, so one compromised organisation can be used as a launch pad for attacks on others. That risk is higher as attackers use AI, meaning software that can automate phishing, scan for weak systems, and generate malicious code faster.
The comments follow a series of cyber incidents affecting both financial institutions and public sector systems. One recent case cited was the Corporate Affairs Commission, which runs key corporate registry services.
Reporting levels are also a concern. In a publicly available fraud report, the Nigeria Inter-Bank Settlement System (NIBSS) said only 60 out of 163 institutions reported fraud incidents in 2023. That is a 37% compliance rate, and NIBSS noted that non-reporting breaches a Central Bank of Nigeria circular on industry fraud desks.
Mandatory disclosure can improve early warning across the sector. When a bank or fintech reports indicators of compromise, which are clues like suspicious IP addresses or malware signatures, peers can block similar attacks sooner.
It also raises the bar for governance. Founders and operators may need clearer incident response plans, tighter access controls, and faster timelines for notifying regulators and customers.
For investors and partners, better reporting can reduce uncertainty. It can also create more demand for security audits, monitoring tools, and compliance support.
Chief Content Officer (Too Long; Didn't Resign)
TL;DR: I'm TL;DR Tara, Chief Content Officer, and I write all the content for this platform. I'm brilliant at it. Read on for proof.
Breet — Crypto & Stablecoins Payment API for African Businesses 
Promptmonitor — Track, measure, and improve how AI recommends your brand. 
Promptmonitor