The Lagos State Government has unveiled a comprehensive set of cybersecurity guidelines to strengthen digital safety across businesses, public institutions, and residents.
This was disclosed by the Commissioner for Information and Strategy, Gbenga Omotoso, in a statement announcing the new framework.
The move is part of efforts to position Lagos as a secure and globally competitive digital hub amid rising cyber threats, with Nigeria recording $500 million (approximately N250 billion) in annual losses to cybercrime.
The framework was developed with input from the Lagos State Cybersecurity Advisory Council, chaired by Fene Osakwe.
What the government is saying
The state government said the guidelines provide a practical, scalable framework to help organisations protect their systems and data against evolving cyber risks.
- “While Lagos is rapidly evolving into a SMART City, this progress brings heightened vulnerability to cyber threats.
- The newly issued guidelines, available at https://lagosstate.gov.ng/cybersecguide, outline clear, practical, and scalable cybersecurity best practices for small businesses, medium and large enterprises, and Ministries, Departments, and Agencies (MDAs),” they stated
- According to the government, the framework is aligned with key national regulations, including the Cybercrime Act (2024), the Nigeria Data Protection Act (2023), and the National Cybersecurity Policy and Strategy (2021).
- The guidelines place significant responsibility on small and medium-sized enterprises (SMEs); organisations are expected to adopt data minimisation principles, implement secure storage systems with encryption, and develop clear incident response plans to address potential breaches.
- They are also required to report incidents to relevant authorities, including ngCERT, within 72 hours, and notify the Nigeria Data Protection Commission as well as affected customers where breaches occur.
It added that the guidelines are not mandatory regulations but tools to help stakeholders adopt effective cybersecurity practices.
More insights
The framework emphasised that cybersecurity is a shared responsibility, noting that secure businesses and government systems support economic stability, and resilient infrastructure attracts global investment.
- Organisations are also advised to assess the cybersecurity posture of third-party vendors, cloud providers, and service partners as part of a broader risk management strategy.
- The government further urged organisations to take immediate action by conducting cybersecurity self-assessments, implementing foundational security controls, investing in staff awareness, and collaborating with state-led cybersecurity initiatives.
- It also emphasised the need to integrate monitoring and evaluation metrics to track progress and ensure continuous improvement.
The government acknowledged the role of the Commissioner for Innovation, Science and Technology, Tubosun Alake, in driving the initiative
What you should know
Lagos is widely regarded as Africa’s fastest-growing digital economy, with over 22 million residents actively using digital platforms and a startup ecosystem valued at about $15.3 billion, highlighting the scale of its digital footprint and exposure to cyber risks.
Globally, the average cost of a data breach stands at about $4.45 million per incident, with Nigeria having recorded over N1.1 trillion in cybercrime losses in the past three years, with N53.4 billion lost in 2024 alone.
