The government of Lagos State has unveiled a new set of cybersecurity guidelines aimed at improving digital safety for businesses, government institutions, and residents as cybercrime losses in Nigeria continue to rise.
The announcement was made by the Commissioner for Information and Strategy, Gbenga Omotoso, who revealed that the initiative forms part of broader efforts to position Lagos as a secure and globally competitive digital hub.
According to the government, Nigeria currently records approximately $500 million (about ₦250 billion) in annual cybercrime losses, highlighting the urgent need for stronger digital protection measures.
The cybersecurity framework was developed with contributions from the Lagos State Cybersecurity Advisory Council, chaired by cybersecurity expert Fene Osakwe.
Framework designed to strengthen digital protection
Officials explained that the guidelines provide practical and scalable cybersecurity practices to help organisations safeguard their systems and sensitive data from evolving cyber threats.
Speaking on the initiative, Gbenga Omotoso said the framework was necessary as Lagos continues to expand its digital infrastructure.
“While Lagos is rapidly evolving into a SMART City, this progress brings heightened vulnerability to cyber threats,” the statement noted.
The guidelines, publicly available on the Lagos State government website, outline best practices for small businesses, medium and large enterprises, and government agencies.
The framework is also aligned with major national cybersecurity and data protection regulations, including:
- Cybercrime Act 2024
- Nigeria Data Protection Act 2023
- National Cybersecurity Policy and Strategy 2021
Key responsibilities for businesses and institutions
The guidelines place significant emphasis on small and medium-sized enterprises (SMEs), which are often more vulnerable to cyberattacks due to limited security resources.
Under the framework, organisations are encouraged to adopt several protective measures, including:
- Applying data minimisation practices to reduce unnecessary data exposure
- Implementing secure data storage systems with encryption
- Establishing incident response plans to manage cyber breaches
- Reporting cybersecurity incidents within 72 hours to relevant authorities
In the event of a breach, organisations are required to notify the Nigeria Data Protection Commission, affected customers, and ngCERT.
However, the Lagos State Government clarified that the cybersecurity guidelines are not mandatory regulations, but rather practical tools designed to help organisations adopt stronger digital security practices.
Cybersecurity seen as key to economic stability
The framework also emphasises that cybersecurity is a shared responsibility among businesses, government institutions, and individuals.
Officials noted that secure digital infrastructure strengthens economic stability, protects businesses from financial losses, and improves investor confidence.
Organisations are therefore encouraged to assess the cybersecurity practices of third-party vendors, cloud service providers, and external partners as part of a broader risk management strategy.
The government further urged companies to take proactive steps such as:
- Conducting cybersecurity self-assessments
- Implementing basic security controls
- Investing in employee cybersecurity awareness programmes
- Collaborating with state-led cybersecurity initiatives
Authorities also stressed the importance of monitoring and evaluation systems to track cybersecurity performance and ensure continuous improvement.
The initiative was supported by the Commissioner for Innovation, Science and Technology, Tubosun Alake, who played a key role in advancing the project.
Rising cyber risks in Nigeria’s growing digital economy
Lagos State is widely regarded as Africa’s fastest-growing digital economy, with more than 22 million residents actively using digital platforms and a startup ecosystem estimated to be worth $15.3 billion.
However, the expansion of digital services has also increased exposure to cyber threats.
Globally, the average cost of a data breach stands at about $4.45 million per incident, while Nigeria has recorded over ₦1.1 trillion in cybercrime losses in the past three years, including ₦53.4 billion lost in 2024 alone.
Authorities believe the new cybersecurity guidelines will help strengthen digital resilience, protect businesses, and support Lagos’ ambition to become a leading global technology hub.
