Emma Okonji, the founder of GoLegit Africa and former president of the Cyber Security Experts Association of Nigeria (CSEAN), recently sat down with us to share insights on the Global Cybersecurity Index (GCI) 2024, published by the International Telecommunication Union (ITU). The report revealed that Nigeria is ranked in Tier 3, highlighting a critical need for improvement in its cybersecurity framework.
Afon attributed Nigeria’s low score to the government’s ineffective responses to cybersecurity threats. He emphasized the urgent need for federal action to address these gaps to safeguard Nigeria’s cyberspace and enhance its reputation in future global evaluations.
“The GCI 2024 underscores an urgent need for Nigeria to confront its cybersecurity weaknesses,” Afon noted. “Even though Nigeria is the largest economy in Africa and a burgeoning tech hub, the country’s performance reflects serious challenges that hinder its ability to protect its digital infrastructure. In contrast, nations such as Mauritius, Rwanda, Ghana, Tanzania, and Kenya have made significant strides in cybersecurity, positioning themselves as leaders in the region.”
While acknowledging some progress, Afon pointed out ongoing issues demanding immediate focus, including the implementation of current cybersecurity policies, investment in workforce development, and updates to outdated legal frameworks. “Without prompt reforms, Nigeria’s digital landscape remains vulnerable to various cyber threats,” he cautioned.
He identified several critical factors contributing to Nigeria’s unfavorable ranking, such as the non-implementation of the National Cybersecurity Policy and Strategy (NCPS), insufficient capacity building, outdated cybercrime legislation, limited funding for cybersecurity initiatives, delays in activating the National Cybersecurity Coordination Centre (NCCC), and the inactivity of the Cybercrime Advisory Council.
Afon elaborated on the challenges related to the National Cybersecurity Policy, stating that limited execution has hindered its effectiveness. “The policy has not been fully operational in both the government and private sectors, leading to fragmented and disorganized responses to cybersecurity challenges,” he explained.
On capacity building, he expressed concern about inadequate government investment in developing skilled personnel. “Key sectors are lacking trained experts and resources to tackle the growing cyber threats, and there are very few training programs aimed at nurturing cybersecurity talent within public institutions,” he said.
Additionally, Afon criticized the current legal framework for failing to address emerging threats such as ransomware and advanced cyber espionage. “Without necessary updates, law enforcement struggles to prosecute cybercriminals, further exposing Nigeria’s cyber defenses,” he remarked.
He underscored that funding shortfalls significantly hinder Nigeria’s cybersecurity initiatives. Afon pointed out that delays in operationalizing various cybersecurity efforts have led to a disjointed national response to cyber incidents. Furthermore, he highlighted the Cybercrime Advisory Council’s inactivity, which undermines the strategic oversight crucial for these endeavors.
To improve Nigeria’s cybersecurity posture, Afon called for decisive government actions. He advocated for fully implementing the National Cybersecurity Policy and Strategy, investing in workforce development through partnerships with international organizations and NGOs like CSEAN, and establishing training programs to elevate cybersecurity education and awareness.
He also recommended updating the Cybercrime Act of 2015 to address contemporary threats, including ransomware and IoT attacks. Afon stressed the need for increased funding for cybersecurity initiatives to build essential infrastructure and human capacity. He contended that revitalizing the Cybercrime Advisory Council would contribute to a more coordinated and globally aligned approach to cybersecurity in Nigeria.