Today, cybersecurity has become a critical concern for organizations worldwide. The recent introduction of a cybersecurity levy by the Central Bank of Nigeria (CBN) underscores this reality and serves as a wake-up call for Nigerian organizations to prioritize cybersecurity.

The Cybersecurity Levy

The CBN’s decision to introduce a cybersecurity levy on electronic transactions has resulted in mixed feelings by many. Many Nigerians have expressed concern that the levy will increase their financial burdens. The levy is set at 0.5% of the value of electronic transactions which some Nigerians say will push them back to using cash. They argue that this comes at a time when many people are struggling to afford basic items due to the country’s economic crisis.

There are also concerns that the levy could hurt small businesses. For example, if a business transfers a million naira, five thousand naira gets deducted as a cybersecurity levy. This could be a significant amount for small businesses operating on thin margins. Some Nigerians further question the government’s priorities amidst prevailing socio-economic challenges. They argue that the government should focus on policies that protect the interests of its citizens and alleviate their financial burdens.

However, this move not only highlights the increasing threats in the digital landscape but also brings to the fore the potential financial implications for organizations. It’s a clear signal that cybersecurity is no longer an option but a necessity in Nigeria.

Many organizations around the world have suffered from cybersecurity breaches. In August 2013, Yahoo experienced a massive data breach impacting 3 billion accounts. The breach was revealed almost seven years after the initial incident and four years after the true number of records exposed was disclosed

In May 2024, Dropbox reported that its Dropbox Sign service had been accessed by a threat actor, who could see data including email addresses, phone numbers, hashed passwords, and multi-factor authenticator details. A month later, streaming provider Roku revealed that it suffered a data breach back in March. Over half a million (576,000) customers had their data compromised in the attack

These examples highlight the importance of prioritizing cybersecurity. A breach can lead to significant financial losses, damage to reputation, and loss of customer trust. Therefore, organizations must invest in robust cybersecurity measures to protect their data and operations.

Moreover, the levy sends a message to organizations about the government’s stance on cybersecurity. It shows that the government is taking it seriously and expects organizations to do the same. This is also underscored by the fact that all institutions are tasked with collecting and remitting the cybersecurity levy to the National Cybersecurity Fund, which is administered by the Office of the National Security Adviser (ONSA). The ONSA’s role in this context is to ensure that the funds collected are used effectively to enhance the security framework of financial operations across the country.

Making Cybersecurity a Priority

In light of these developments, organizations should prioritize cybersecurity. They can do this by investing in cybersecurity infrastructure, training, and awareness programs. It’s not just about complying with the new levy but about protecting the organization’s operations and reputation from cyber threats.

Organizations can start by conducting a comprehensive cybersecurity risk assessment. This will help identify potential vulnerabilities and areas that need improvement. Following this, organizations can develop and implement a robust cybersecurity strategy tailored to their specific needs.

Training is another crucial aspect. Employees often represent the first line of defense against cyber threats. Therefore, organizations must invest in regular cybersecurity training to equip employees with the skills and knowledge they need to identify and respond to cyber threats.

The introduction of the cybersecurity levy clearly indicates the increasing importance of cybersecurity today. After all, in the digital age, cybersecurity is not just an IT issue but a business one that affects all aspects of an organization.