Overview of the Cybercrimes Act, 2015


Cybercrime is any criminal activity that involves a computer, networked device or a network. 

Some impacts of Cybercrime are:

  • Damage to investor perception after security breach
  • Loss of sensitive customer data
  • Damaged brand identity and loss of reputation
  • Increased capital cost and investment in preventing cyber attacks and in cyber security
  • Cybercrime may have negative public health and national security implications

                                                                   Nigeria’s Cybercrimes Act, 2015

The objective of the Act is to provide for an effective and unified legal framework to prevent cybercrime in Nigeria, it also ensures the protection of critical national information infrastructure and promotes cyber security and protection of computer systems and networks.

The Act criminalises:

  1. unlawful access to a computer for fraudulent purposes
  2. Trafficking in passwords or similar information through which a computer may be accessed without lawful authority
  3. Acts which may endanger Nigeria’s critical national information infrastructure
  4. Perpetrating electronic fraud through the use of a cyber-café or connivance between the perpetrator and the operator of the cyber café
  5. Unlawful interference with the operations of a computer system
  6. Unlawful interception of electronic mails or electronic money transfers
  7. Wilful misdirection of electronic messages for financial gain or fraudulent purposes
  8. Computer related forgery i.e using the computer to alter documents to produce false documents
  9. Employees of financial institutions involved in computer-related fraud
  10. Stealing of ATMS and other electronic devices used in financial transactions
  11. Use of electronic devices to commit acts of terrorism
  12. Fraudulent issuance of electronic instructions
  13. Online identity theft and impersonation
  14. Child pornography and related offences such as grooming , unsolicited distribution of pornographic images etc
  15. Cyberstalking and cybersquatting
  16. Distribution of racist or xenophobic material on electronic devices
  17. Manipulation of ATM terminals and POS Terminals
  18. Electronic card frauds
  19. Spamming, phishing and malicious spreading of computer viruses

                                                                  Employees’ Responsibility

The Act states that an employee, upon the determination of his employment, must surrender to the employer all codes and access rights that may grant access to the data or premises of the employer.

                                                                       Financial Institutions’ Responsibility


The Act states that no financial institution shall give posting and authorizing access to any single employee. This access must not be given to one person but made multi-person layers to prevent sole access and fraud by a single individual.


Financial institutions must as a duty to their customers put in place effective counter-fraud measures to safeguard their sensitive information. Where a security breach occurs, the proof of negligence lies on the customer to prove the financial institution in question could have done more to safeguard its information integrity.

National Computer Emergency Response Team Coordination Center – Reporting Cyber Threats


The Act mandates any private or public person or institution, who operates a computer system or a network, whether public or private, to immediately inform the National Computer Emergency Response Team (CERT) Coordination Center of any attacks, intrusions and other disruptions liable to hinder the functioning of another computer system or network, so that the National CERT can take the necessary measures to tackle the issues.

The website of NG-CERT is www2.cert.gov.ng

                                                                             Operators of Cybercafe


For operators of cybercafé, the Act provides that they must be registered as a business concern with the Computer Professionals’ Registration Council and they must maintain a register of users through a sign in register.

The website of the Computer Professionals’ Registration Council is http://www.cpn.gov.ng

                                                                       Electronic Signatures


The Act validates the use of electronic signature in purchase of goods and other transactions however it creates exceptions or instances where the use of electronic signature will be invalid

These exceptions are  in  creation and execution of wills, codicils and or other testamentary documents, Death certificate, Birth certificate, matters of family law such as marriage, divorce, adoption and other related issues,  issuance of court orders, notices, official court documents such as affidavit,  pleadings, motions and other related judicial documents and instruments,  any cancellation or termination of utility services, any instrument required to accompany any transportation or handling of dangerous materials either solid or liquid in nature and any document ordering withdrawal of drugs, chemicals and any other material either on the ground that such items are fake, dangerous to the people or the environment or expired by any authority empowered to issue orders for withdrawal of such items.

                              Powers of Law Enforcement Agencies to prosecute and investigate cybercrimes

 The Act gives broad powers to Law Enforcement Agencies to investigate and prosecute cybercrime cases

The mere possession of resources or property for which a suspect cannot reasonably account for or wealth or resources disproportional to a suspect’s known sources of income may be cause for investigation and subsequent prosecution.  

The court shall ensure that all matters brought before it by the Commission against any person, body or authority shall be conducted with dispatch and given accelerated hearing.