Nigerian Communications Commission (NCC) has mandated mobile network operators and service providers to notify it within four hours of detecting any cyberattack starting February 2027, under a new Cyber Resilience Framework for the Nigerian Communications Sector (CRF-NCS).
NCC
The directive, contained in the framework released last month, aims to bolster protection of telecommunications infrastructure and subscriber data across Nigeria’s digital ecosystem.
The NCC stated that operators must alert the regulator within four hours of identifying a cyber incident, followed by updates every four hours until containment, and submit a final confirmation report within 24 hours via a dedicated portal.
Read Also: NCC Proposes 14-Day SIM Deactivation Notice to Curb Fraud, Protect Users
The one-year implementation timeline allows telecom firms to deploy necessary monitoring systems and processes before the February 2027 enforcement date.
The framework mandates establishment of dedicated Security Operations Centres (SOCs) for continuous network surveillance, early threat detection, and coordinated internal responses. Each operator must appoint a cybersecurity lead to liaise with the NCC’s Computer Security Incident Response Team (CSIRT) for intelligence sharing and sector-wide incident management.
NCC emphasised that telecom networks, handling massive consumer data and serving as gateways for mobile banking, internet traffic, and digital services, face escalating threats including service disruptions, data breaches, malware infections, and system-wide attacks.
Swift reporting will enhance situational awareness, enable rapid threat mitigation, and prevent incidents from cascading into national outages or compromises.
The measures form part of Nigeria’s broader push to fortify communications infrastructure amid rapid digital economy growth and rising global cyber concerns.
Read Also: NCC Moves to Sanction Road Contractors Over Fibre Cuts
Telecom companies, increasingly classified as critical infrastructure, must adopt unified cybersecurity postures to safeguard sensitive data flows underpinning banking, e-commerce, and government services.
This regulatory tightening follows recent NCC efforts to strengthen data protection and network security rules, positioning Nigeria’s telecom sector for resilience against sophisticated cyber intrusions targeting high-value digital gateways.
