There is a common misconception that security in a country is limited to the protection of land, air, sea and the borders of a country. With the advent of technology and a large number of people becoming cyber-creatures, the security of a country now extends and encompasses the protection of data, critical infrastructure, tangible and intangible assets and anything that may be prone to attack as a result of online activities. 

Cyber law acts as a shield over cyberspace thereby preventing cybercrime from occurring. The government is committed to developing and enforcing regulations to combat illicit online activities[i].

This piece aims at examining the concept of cybercrime, cybersecurity, the position of the law as well as legislative efforts towards implementing and enforcing cybercrimes in Nigeria.


For a proper examination of this discourse, it is imperative to point out the various categories of cybercrimes which includes:

  1. Cybercrime against individuals; This category of crime directly affects persons/individuals. Cybercrimes committed against persons include various crimes like harassment of any one with the use of a computer such as e-mail phishing, social engineering, cyberstalking, amongst others. This crime also extends to the trafficking, distribution, posting and dissemination of obscene material including pornography and indecent exposure.
  1. Cybercrime against property: Some online crimes occur against property, such as a computer or server. These crimes include DDIS[ii], hacking, virus transmission, cybersquatting, computer vandalism, copyright infringement and Intellectual Property Rights violations.
  1. Cybercrime against the Government: The third category of cybercrime is that against the Government. Cyber terrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the government and citizens of a country.

The laws governing cybersecurity vary greatly from jurisdiction to jurisdiction and from one country to another. Thus, it is pertinent for citizens to be aware of the cyber laws in their specific nations in order to ensure a complete education about cyber related crimes. Depending on the crim, there may be a fine or perhaps jail time as a penalty.

In Nigeria, the primary Legislation concerned with prevention of cybercrimes is the Cybercrime (Prohibition and Prevention) Act, 2015. The Act provides an effective and comprehensive legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. It further makes provisions which ensures the protection of critical national information infrastructure and promotes cybersecurity.

The succeeding paragraphs will analyse specific provisions of the Cybercrime (Prohibition and Prevention) Act that addresses the different categories of cybercrime.


Cyberbullying and Cyberstalking are the most common forms of cybercrimes against individuals. The Cybercrime (Prohibition and Prevention) Act defines cyberstalking as an intentional act in which the perpetrator transmits or causes the transmission of messages that are grossly offensive or indecent (including pornographic contents) through a computer system, with the intention to bully the receiver and cause intimidation, enmity, hatred or needless anxiety to the receiver[iii]

The Act inter alia states that the perpetrator commits an offence under the Act and shall be liable on conviction to a fine of not more than N7,000,000.00 or imprisonment for a term of not more than 3 years or to both.[iv]

By the provision of this Act, anyone who bullies, threatens or harasses another person by intentionally transmitting through a computer system any information containing any threat to kidnap a person or any treat to harm the person or any demand or request for a ransom for the release of any kidnapped person, to extort the person, firm, association or corporation and such communication places such other person in fear of death, violence or bodily harm[v] is guilty of an offence and is liable to a punishment of a term of 10 years and/or a minimum of N25,000,000[vi].


In simple terms, cybersquatting is the unauthorized registration and use of internet domain names that are identical or similar to existing trademarks, service marks, company names or personal names. Due to the inexpensiveness of domain names, cyber squatters usually buy multiple domain names with the intention of selling it to owners of the businesses, thereby making huge profit from it.

In addressing the issue of cybersquatting, the Cybercrime (Prohibition and Prevention) Act provides that anybody who intentionally takes or makes use of a name, business name, trademark, domain name or other word or phrase registered, owned or in use by any individual, body corporate or belonging to either the Federal, State or Local Governments in Nigeria, on the internet or any other computer network, without authority or right and for the purpose of interfering with their use by the owner, the registrant or legitimate prior user, commits an offence and shall be liable on conviction to imprisonment for a term of not more than 2 years or a fine of not more than N5,000,000.00 or to both fine and imprisonment.[vii]


Cybercrime manifests itself into terrorism when an individual or group of individuals unlawfully attacks and/or threatens to attack the government through the use of computers, networks and the information stored therein with the intention of intimidating or coercing a government or its people in furtherance of political or social objectives or facilitating a crack into a government or military maintained website. For instance, prior to the October 1, 2010 bombing in Abuja, MEND[viii] used the internet to communicate their ploy to security agencies[ix]. An individual who claimed to be a sympathizer of the Boko Haram group gained access into and posted online the profiles of more than fifty former and current State Security Service (SSS) official, including the code number, appointment date, state of origin, bank account amongst others.[x] 

Although, similar provisions are contained in the Terrorism (Prevention) Act, the Cybercrime (Prohibition and Prevention) Act equally provides that any person that accesses or causes to be accessed any computer system or network for purposes of terrorism, commits an offence and is liable on conviction to life imprisonment.[xi]


It is worthy of note that the provision of the Act is not limited to what has been addressed above. The Act inter alia makes provisions for the following;

  • Offences against critical national information infrastructure
  • Hacking Computer Systems and Data Alteration
  • Unauthorized Access of Protected Systems
  • Illegal Registration of Cybercafé or Usage of Unregistered Cybercafé
  • System Interference
  • Interception of electronic messages, email, electronic money transfers
  • Tampering with critical infrastructure
  • Wilful misdirection of electronic messages
  • Unlawful interceptions
  • Computer related forgery
  • Computer related fraud
  • Theft of Electronic Devices
  • Unauthorised modification of computer systems, network data and system interference
  • Publishing False Digital Signature and Certificates
  • Cyber terrorism
  • Exceptions to financial institutions posting and authorised options
  • Fraudulent issuance of e­-instructions
  • Tampering with Computer Source Documents
  • Identity theft and impersonation
  • Child pornography and related offences
  • Cyberstalking
  • Cybersquatting
  • Racist and xenophobic offences
  • Attempt, conspiracy, aiding and abetting
  • Importation and fabrication of e-­tools
  • Breach of Confidentiality and Privacy
  • Manipulation of ATM/POS Terminals
  • Phishing, spamming, spreading of computer virus
  • Electronic cards related fraud
  • Use of fraudulent device or attached e­-mails and websites


Cybercrimes is on the rise in Nigeria due mostly to ineffectiveness and non-enforcement of the laws meant to combat same. While the Cybercrimes Act, Terrorism Act, Criminal Code, Criminal Laws of States, etc all contain provisions meant to combat cybercrimes and cybersecurity, the absence of a proper and clear-cut enforcement mechanism has led to a surge in criminal activities in the cyberspace. It is however, believed that with the proper implementation and enforcement mechanism in place, the lacunas in the cybercrimes and cybersecurity laws would be cured at least to a reasonable extent. Thereby leading to a drastic reduction in cybercrimes.

[i]     accessed on August, 20 2022 at 8:42am

[ii] Distributed Denial of Service Attacks

[iii] Section 24 (1) Cybercrime (Prohibition and Prevention) Act, 2015

[iv] See Section 24 (b) Ibid.

[v] Section 24 (2) Cybercrime (Prohibition and Prevention) Act, 2015

[vi] Section 24(2)(c)(i) Cybercrime (Prohibition and Prevention) Act, 2015

[vii] Section 25 Cybercrime (Prohibition and Prevention) Act, 2015

[viii] Movement for the Emancipation of Niger Delta

[ix] Nigeria explosion: Independence celebrations marred by violence – accessed on August 20, 2022

[x]  “Boko Haram” Sympathizer Obtains Personnel Records of SSS Employees and Posts Them Online | Sahara Reporters accessed on August 21, 2022

[xi] Section 18(1) Cybercrime (Prohibition and Prevention) Act, 2015

Written by Daniella Ogbonnaya  and Muhiz Babatunde Adisa for The Trusted Advisors

Email us: [email protected]

Telephone Number: +234 810 159 9159

Open chat
Hello 👋
Thank you for getting in touch, how can we help you?