By | Destiny Young
Nigeria’s planned national cybersecurity framework is a welcome and necessary intervention. It comes at a time when artificial intelligence driven cyberattacks are increasing in speed, precision, and scale. The framework promises to introduce mandatory cybersecurity spending, breach reporting requirements, and coordinated national response protocols. These measures are important. However, the real challenge lies elsewhere.
Cybersecurity failures in Nigeria’s Ministries, Departments, and Agencies are rarely technical. They are governance failures driven by leadership attitudes.
This distinction matters because technology alone cannot secure an organisation. Leadership determines whether cybersecurity is taken seriously, funded properly, and enforced consistently. Without leadership commitment, even the best technical controls remain ineffective.
Across many MDAs, cybersecurity remains misunderstood at the executive level. It is often treated as a routine IT function, delegated to technical teams without executive oversight. Budgetary provisions for cybersecurity are either absent or grossly inadequate. When budgets are prepared, visible infrastructure such as buildings, vehicles, and equipment receive priority. Cybersecurity, which lacks physical visibility, is neglected.
This neglect reflects a deeper misconception. Many leaders assume that cybersecurity breaches have limited or no consequential impact on organisational operations. This assumption is dangerously incorrect.
Modern government operations depend almost entirely on digital systems. Identity management platforms, financial management systems, procurement systems, and regulatory databases form the backbone of public administration. A successful cyberattack can disrupt these systems, halt government services, compromise sensitive data, and undermine public trust.
The consequences extend beyond technical inconvenience. They affect operational continuity, financial integrity, national security, and institutional credibility.
A compromised financial management system can disrupt salary payments and government transactions. A compromised identity database can expose citizens to fraud and identity theft. A compromised regulatory system can disrupt economic oversight and compliance. These are operational failures, not technical anomalies.
Cybersecurity is therefore not an IT issue. It is an organisational risk management issue. It belongs at the executive level.
This is why the proposed cybersecurity framework is significant. By introducing mandatory cybersecurity spending thresholds and breach reporting requirements, the framework shifts cybersecurity from discretionary technical spending to regulated governance responsibility. It removes the ability of leadership to ignore or defer cybersecurity investment.
This shift is essential because leadership behaviour determines organisational resilience. When leaders prioritise cybersecurity, organisations invest in preventive controls, incident detection capabilities, and response readiness. When leaders neglect cybersecurity, organisations operate in a state of silent vulnerability.
The framework has the potential to correct this imbalance. It introduces regulatory pressure where voluntary action has failed. It establishes accountability where indifference previously existed. It creates a foundation for national cyber resilience.
However, regulation alone is not sufficient. Leadership mindset must evolve.
Leaders in contemporary organisations must recognise cybersecurity as a core business continuity function. It is as essential as finance, legal compliance, and physical security. It protects the operational capability of the organisation. It protects institutional credibility. It protects national infrastructure.
Cybersecurity must become a standing agenda item at executive meetings. It must be reflected in budget priorities. It must be integrated into organisational risk management frameworks. Executive leadership must demand regular cybersecurity risk assessments and readiness reports.
This is standard practice in mature digital economies. Nigerian institutions must adopt the same discipline.
The rise of artificial intelligence driven cyber threats makes this transition urgent. AI enables attackers to automate reconnaissance, generate convincing phishing campaigns, and identify vulnerabilities at scale. Attackers no longer need extensive resources to conduct sophisticated attacks. The barrier to entry has fallen dramatically.
This means that every organisation connected to the internet is a potential target. Government agencies, which manage valuable data and critical infrastructure, are particularly attractive targets.
Leadership must therefore abandon the assumption that cybersecurity incidents are unlikely or inconsequential. This assumption is no longer defensible in a digitally dependent society.
The proposed cybersecurity framework provides the regulatory foundation for improvement. Its success, however, will depend on leadership response.
If leaders treat cybersecurity as a compliance exercise, improvement will be superficial. If leaders recognise cybersecurity as a strategic governance responsibility, improvement will be transformative.
Nigeria’s digital future depends on secure digital infrastructure. Secure digital infrastructure depends on responsible leadership.
Technology alone cannot secure institutions. Leadership must lead security.
About the Author:
Destiny Young is a Technology and IT Infrastructure Management Executive and Cybersecurity Professional with extensive experience in enterprise systems, digital transformation, and cybersecurity management. He holds a First Class Master of Science degree in Digital Transformation, a Distinction grade Master of Business Administration with a specialisation in Cybersecurity, and a Master of Technology degree in Information Technology. His work focuses on strengthening cyber resilience in organisations and examining the relationship between technology, risk, and business strategy. Destiny is also an active academic researcher with a strong interest in cybersecurity governance and threat mitigation. He writes regularly on digital security issues affecting businesses in Nigeria and contributes to industry discussions on cyber risk management and policy development.
