Nigeria is moving toward mandatory disclosure of cyberattacks. NITDA boss Kashifu Abdullahi wants banks, fintechs, and government agencies to stop sitting on breach data and start talking about it.
Speaking at GITEX Africa in Morocco on April 9, Abdullahi delivered a direct message: staying quiet after a breach is not protection. It is an exposure for every institution connected to the one that was hit.
“If one organisation is compromised, it can become a launchpad for others,” he said at the event.
See Also: 4 Nigerian Startups Join Google Africa Accelerator 2026
Nigeria’s Fraud Numbers Demand a Reckoning
The numbers are not subtle. Financial fraud across Nigerian institutions reached ₦5.26 billion, roughly $3.81 million, across 14,697 incidents in Q3 2025 alone, according to FITC data.
The silence persists regardless. NIBSS found that only 60 of 163 institutions disclosed fraud in 2023, a 37% compliance rate. NIBSS called it a direct violation of CBN guidelines on fraud reporting.
Nigerian institutions have treated disclosure as a reputational grenade. Abdullahi says that thinking has expired.
“That notion that if I am attacked and I make it public, it will damage my image has to change,” he said.
How Regulators Are Dismantling the Silence
Regulators are not waiting. Multiple agencies are now aligning behind a single push for structured information sharing.
NITDA has pulled in the Office of the National Security Adviser and the Ministry of Communications, Innovation, and Digital Economy to build a unified response architecture. On April 1, Minister Bosun Tijani announced a national cybersecurity coordination council. Three weeks later, he expanded the scope. The council will build a framework tying accountability, intelligence sharing, and policy into a single national system.
The CBN has moved too. On March 30, it launched a cybersecurity self-assessment tool requiring financial institutions to measure their own preparedness. The circular formally recognised AI as a tool in combating financial crime.
What triggered the urgency? Abdullahi pointed to a specific attack chain that moved from a bank to Remita and beyond. That example, a single breach spreading laterally across institutions, is exactly the scenario regulators want to prevent through faster, structured disclosure.
See Also: NLC: ₦1m Salary Means Nothing If Naira Keeps Falling
What Nigeria Can Learn From Global Disclosure Laws
Other African countries are already ahead. Nigeria is catching up.
Kenya mandates breach disclosure within 48 hours. Algeria gives organisations five days. South Africa’s POPIA requires notification to both regulators and affected individuals. In April 2025, enforcement tightened further. Companies must now log every incident through a central portal, recording the breach, data exposed, and steps taken to contain it.
Europe’s GDPR requires organisations to notify users when a breach poses a high risk. The IMF’s position is direct: institutions that share breach data collectively become harder to attack.
Nigeria sits behind all of them. Three ministries and the CBN are now moving together. The gap may close faster than expected.
If Nigeria follows through, banks and fintechs will face a choice: get ahead of disclosure on their own terms, or wait for regulators to force it on theirs.
GizPulse tracks the decisions that shape Africa’s digital future. Subscribe to the GizPulse newsletter and get analysis like this delivered to your inbox every week.
