By Jamiu Akande
As Nigeria’s digital economy expands, the threats facing businesses and public institutions grow ever more complex. Over the past decade, Nigeria has made impressive strides in cybersecurity policy and regulation. Landmark initiatives—such as the Nigeria Data Protection Regulation (NDPR), the Cybercrime Act, and the National Cybersecurity Policy—have laid a strong foundation for data protection, legal compliance, and public awareness. NITDA has driven sector-specific guidelines, launched nationwide cybersecurity awareness campaigns, established CERT-NG, implemented data protection audits, and fostered partnerships with international bodies like Interpol and ECOWAS.
Despite these achievements, the impact has been primarily policy-driven. Many Nigerian businesses—especially SMEs, microfinance banks, schools, universities, and even government agencies—remain vulnerable to cyber threats due to the absence of clear, technical security requirements. Policies set the direction, but practical technical standards provide the tools for organizations to protect themselves. Although frameworks like ISO 27001 offer robust guidance, they are often too complex and resource-intensive for most SMEs and agencies. Nigeria now needs a simple, actionable guide tailored to its local context, empowering the digital ecosystem to enhance security in a practical, achievable way.
Nigeria Top Cyber Essentials Check: A Practical Solution
Nigeria needs a solution that guides businesses through essential cybersecurity steps, providing a clear checklist of actions required to achieve an acceptable security level. This checklist would
serve as a practical tool for organizations to assess their cybersecurity posture, either through self-assessment or accredited evaluation. By offering straightforward guidance, this baseline empowers businesses to take concrete steps towards real-world protection.
Key recommended checks include:
● Malware Protection
● Firewall Implementation
● Secure Configuration
● User Access Control
● Patch Management
● Data Backup
● Incident Response Plan
● Secure Password Practices
● Email security
● Web Application Security
The “Nigeria Top Cyber Essentials Check” would serve as a practical baseline for businesses, providing a clear path to improving their security posture and enabling them to protect themselves more effectively.
Assessment and Certification: Building Trust
To encourage adoption, I propose a two-tiered badge system:
Self-Assessment Badge:
● Businesses complete an online checklist covering the core essentials. Meeting all criteria earns them a self-assessment badge, signaling their commitment to cybersecurity.
Assessed Certification:
● For greater assurance, accredited assessors can conduct independent checks. Businesses that pass receive a certification badge, demonstrating verified cybersecurity practices to customers, partners, and investors.
Learning from Other Countries
Countries like the UK (Cyber Essentials), USA (NIST Cybersecurity Framework), Singapore, and Australia (Essential Eight) have implemented practical, accessible standards for businesses.
Nigeria can learn from these models but must tailor its approach to be affordable and practical for local SMEs.
The Benefits: Trust, Security, and Growth
A technical cybersecurity baseline, managed by a trusted national agency, would:
● Reduce cyber risks for Nigerian businesses
● Build customer and investor trust
● Simplify regulatory compliance
● Align Nigeria with global best practices
● Foster economic growth in the digital sector
Who Should Manage This?
This initiative could be led by either NITDA or NCCC/ONSA, with strong coordination between both agencies. A collaborative approach would ensure credibility, effective rollout, and alignment with national priorities.
Call to Action
Nigeria has shown leadership in policy development. Now is the time to take the next step—introducing a technical cybersecurity baseline and certification scheme for Nigerian businesses. I urge NITDA, NCCC/ONSA, policymakers, and industry stakeholders to collaborate on this initiative, ensuring Nigeria’s digital economy remains secure, competitive, and resilient.
Jamiu Akande is an award-winning global cybersecurity expert, security researcher and Founder of OpenCYPOD, a non profit cybersecurity initiative providing free cybersecurity support to early stage startup founders. Jamiu is an investor and builder. He shares his thoughts on LinkedIn about leadership, technology and cybersecurity.
