The Nigerian Communications Commission (NCC) has directed telecommunications companies in Nigeria to report cyberattacks within four hours of detecting them, as part of new measures to strengthen cybersecurity in the country’s communications sector.
The directive forms part of the Cyber Resilience Framework for the Nigerian Communications Sector (CRF-NCS) released by the regulator in February 2026, aimed at protecting telecom infrastructure and the personal data of millions of subscribers.
New Reporting Rule for Cyber Incidents
Under the new framework, telecommunications operators must notify the NCC within four hours of identifying a cyber incident. They are also required to continue submitting updates every four hours until the threat has been fully contained.
In addition, telecom operators must submit a detailed confirmation report within 24 hours through a dedicated reporting portal managed by the regulator.
The rule applies to mobile network operators, internet service providers, infrastructure companies, and other communications service providers operating within Nigeria’s telecom ecosystem.
Compliance Deadline Set for 2027
The NCC said the regulation will take effect in February 2027, giving telecom operators about a year to upgrade their cybersecurity systems and establish rapid-response mechanisms required under the framework.
During this transition period, operators are expected to develop stronger monitoring tools and reporting structures to ensure compliance with the new cybersecurity requirements.
Mandatory Security Operations Centres
To meet the new reporting timeline, telecom companies must also establish Security Operations Centres (SOCs) to monitor network activity around the clock.
These centres will help detect suspicious activities such as malware infections, hacking attempts, and distributed denial-of-service (DDoS) attacks. Once a threat is detected, operators must immediately begin containment procedures and notify the NCC.
The framework also requires each telecom operator to designate a cybersecurity lead who will coordinate with the NCC’s Computer Security Incident Response Team (CSIRT) to share threat intelligence and manage incident responses.
Protecting Nigeria’s Digital Infrastructure
The NCC says the new policy is designed to strengthen sector-wide cyber resilience and ensure faster responses to threats that could disrupt critical communications infrastructure.
Telecom networks now support key digital services such as mobile banking, government platforms, and internet connectivity, making them an increasingly attractive target for cybercriminals.
By introducing rapid reporting requirements, the regulator aims to improve coordination between operators and prevent cyber incidents from escalating into major outages or data breaches affecting millions of users.
