Lagos Unveils Cybersecurity Guidelines as Nigeria Loses $500 Million Annually to Cybercrime

The Lagos State Government has introduced a new set of cybersecurity guidelines aimed at strengthening digital safety across businesses, public institutions, and everyday internet users. The move comes as Nigeria continues to suffer heavy financial losses from cybercrime, estimated at about $500 million (approximately N250 billion) annually.

The announcement was made by the Commissioner for Information and Strategy, Gbenga Omotoso, who explained that the framework is designed to position Lagos as a secure and globally competitive digital hub. The guidelines were developed with input from the Lagos State Cybersecurity Advisory Council, chaired by Fene Osakwe, and reflect the state’s growing focus on digital resilience.

According to the government, the guidelines offer practical steps for organisations of all sizes—including small businesses, large enterprises, and government agencies—to better protect their systems and data. Key recommendations include data minimisation, encrypted storage systems, incident response planning, and mandatory reporting of breaches to authorities such as ngCERT within 72 hours. The framework also aligns with national laws, including the Cybercrime Act (2024) and the Nigeria Data Protection Act (2023).

While the guidelines are not legally binding, officials say they are meant to serve as a strong roadmap for improving cybersecurity practices across sectors. Organisations are also encouraged to evaluate the security of third-party vendors, invest in staff training, and adopt continuous monitoring systems to reduce vulnerabilities in an increasingly digital economy.

Lagos, which is widely seen as Africa’s fastest-growing digital economy, continues to expand its digital footprint with over 22 million active users and a startup ecosystem valued at about $15.3 billion. However, rising cyber threats remain a major concern, with Nigeria recording over N1.1 trillion in cybercrime losses in the past three years. The state government says the new guidelines are a necessary step to protect economic growth and attract global investment in a safer digital environment.