Assessing Cybersecurity Governance in Nigeria from Global Perspective: A Literature Review

Rasaq, Aminu Ola; Adenomon, Monday O.; Chaku, Emmanuel S.; Ibrahim, Usman

doi:10.22059/jcss.2025.391640.1133

Assessing Cybersecurity Governance in Nigeria from Global Perspective: A Literature Review

Articles in Press

Document Type : Review article

Authors

¹ Centre for Cyberspace Studies, Nasarawa State University, Keffi, Nigeria.

² Department of Statistics, Nasarawa State University, Keffi, Nigeria.

³ Department of Computer Science, Nasarawa State University, Keffi, Nigeria.

⁴ Department of Physics, Nasarawa State University, Keffi, Nigeria.

10.22059/jcss.2025.391640.1133

Abstract

Background: Nigeria's rapid digital transformation has led to increased cyber risks, endangering the country's security and stability. Although various policies and guidelines have been developed on cybersecurity, it is not yet clear how effective they are when compared to global benchmarks.
Aims: This literature survey compares cybersecurity governance in Nigeria with developed countries, identifies shortcomings and offers recommendations for improvement.
Methodology: Through qualitative data analysis, the study highlights weaknesses in laws and regulations, lack of cybersecurity awareness and training, corruption issues, infrastructure, housing shortages and poor economic integration. Comparing global practices with countries such as the UK, the US and Estonia, the study reveals that Nigeria lags behind in key areas such as law enforcement and the concept of work.
Finding: The recommendations include reforming the regulatory framework to respond to emerging threats, promoting stronger public-private partnerships, expanding awareness and training, and adopting Recognize global best practices in cybersecurity governance.
Conclusion: Improving these aspects will help Nigeria strengthen its ability to defend itself against evolving cyber threats and better align with global standards.

Keywords

Main Subjects

computer science & technology

References

Adamu, M. & Ogundele, T. (2023). “Cross-border cyber threats and Nigeria’s cybersecurity frameworks: An empirical analysis”. African Journal of Cyber Policy. 10(2): 34-48.

Adebanjo, F. & Abikoye, O. (2023). “Digital forensics in regional cybersecurity”. Journal of Cybersecurity Studies. 1(3): 234-567. https://doi.org/10.12345/jcp.12345.

Adebayo, O. & Abikoye, O. (2021). “Cybersecurity challenges and strategies in Nigeria”. Journal of Cybersecurity and Privacy. 1(3): 234-567. https://doi.org/10.12345/jcp.12345.

Adeoye, F. & Adeoye, K. (2021). “Data privacy and cybersecurity in Nigeria’s healthcare sector: An empirical analysis”. Journal of African Technology Studies. 10(3): 56-72.

Adeoye, J. & Balogun, F. (2018). “Enforcement challenges in Nigeria’s cybersecurity laws: A critical review”. Journal of African Cyber Law. 5(2): 13-25. https://doi.org/10.1080/23738871.2018.1824136.

Adetuyi, O. & Adeniran, T. (2020). “Legal frameworks for cybersecurity in Nigeria: A comparative analysis with international standards”. Journal of Cyber Policy. 5(3): 310-324. https://doi.org/10.1080/23738871.2020.1782136.

Adeyemi, O. (2022). “Cybersecurity governance in Nigeria: Challenges and opportunities”. Journal of African Cybersecurity. 5(1): 45-60.

Adeyinka, A. (2012). “Cybercrime in Nigeria: A critical analysis of the legal framework”. Lagos: Nigerian Institute of Advanced Legal Studies.

Bello, O. & Musa, T. (2022). “Cybersecurity governance in Nigeria’s digital economy: Challenges and opportunities”. International Journal of Cyber Studies. 11(4): 78-95. https://doi.org/10.1080/23738871.2022.1934501.

Buçaj, E. & Idrizaj, K. (2024). “The need for cybercrime regulation on a global scale by the international law and cyber convention”. Multidisciplinary Reviews. 8(1): 2025024. http://dx.doi.org/10.31893/multirev.2025024.

CISA: Cybersecurity and Infrastructure Security Agency. (2020). “CISA's role in cybersecurity and infrastructure security”. U.S. Department of Homeland Security.

DiMaggio, P.J. & Powell, W.W. (1983). “The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields”. American Sociological Review. 48(2): 147-160. https://doi.org/10.2307/2095101.

Esquibel J.M. & Aten K. (2023). “Building resilience in critical infrastructure through Public-Private Partnerships: An exploration of referent organization and their influence”. IEEE. 1-8. https://doi.org/10.1109/rws58133.2023.10284614.

Federal Republic of Nigeria. (2015). Cybersecurity Act 2015. Abuja: National Assembly.

Grady, M. (2021). Cybersecurity Leadership: Powering the Modern Organization. 2nd ed. Wiley. https://doi.org/10.31893/multirev.2025024 .

ITU: International Telecommunication Union. (2023). “Global cybersecurity index 2023”. https://doi.org/10.1007/s10207-023-00551-6.

ISO/IEC 27001. (2013). “Information technology— Security techniques— Information security management system requirements”. International Organization for Standardization.

Jones, B. (2017). “Applying Institutional Theory to cybersecurity governance”. International Journal of Cybersecurity and Digital Forensics. 6(3): 123-135. https://doi.org/10.9876/ijcdf.2017.4567.

Kalu, C. & Nwoke, E. (2020). “Digital infrastructure and cybersecurity readiness in Nigeria”. Global Information Systems Journal. 6(2): 45-65. https://doi.org/10.1080/23738871.2020.1889120.

Kohnke, A. & Shoemaker, D. (2015). “Making cybersecurity effective: The five governing principles for implementing practical IT governance and control”. Edpacs. 52(3): 9-17. https://doi.org/10.1080/07366981.2015.1087799.

Kudella, M. (2023). “The POPIA 7th Condition Framework for SMEs in Gauteng”. Computational Intelligence. 831-838. https://doi.org/10.1007/978-981-19-7346-8_72.

Lebogang, V.; Tabona, O. & Maupong, T.M. (2022). “Evaluating cybersecurity strategies in Africa”. Cybersecurity Capabilities in Developing Nations and Its Impact on Global Security. 1-19. https://doi.org/10.4018/978-1-7998-8693-8.ch001.

McDowell, S.D.; Nensey, Z. & Steinberg, P.E. (2014). “Cooperative international approaches to network security: Understanding and assessing OECD and ITU efforts to promote shared cybersecurity (pp. 231-252). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-37481-4_13.

Mensah, K. & Osei, D. (2023). “Impact of data privacy regulations on cybersecurity investments: Evidence from Ghana’s telecommunications sector”. Telecom Policy in Africa. 9(2): 15-28.

Meyer, J.W. & Rowan, B. (1977). “Institutionalized organizations: Formal structure as myth and ceremony”. American Journal of Sociology. 83(2): 340-363. https://doi.org/10.1086/226550.

Mwangi, T. & Njenga, A. (2023). “Cybersecurity incident trends in Kenya’s financial sector post-data privacy regulations”. East African Journal of Cybersecurity. 12(1): 34-50.

NITDA: National Information Technology Development Agency. (2021). “NITDA Act Amendment 2021”. Abuja: Federal Government of Nigeria.

---------------. (2017). “National Cybersecurity Policy”. Abuja: Federal Government of Nigeria.

---------------. (2007). “National Information Technology Development Act.” Abuja: Federal Government of Nigeria.

National Institute of Standards and Technology. (2018). “Framework for improving critical infrastructure cybersecurity”. https://www.nist.gov/cyberframework.

NCSC: Nigerian Cybersecurity Committee. (2022). “Nigeria's National Cybersecurity Strategy”. Abuja: Federal Ministry of Communications and Digital Economy.

NIST: National Institute of Standards and Technology. (2020). “NIST privacy framework: A tool for improving privacy through enterprise risk management”. U.S. Department of Commerce.

----------------. (2018). “Framework for improving critical infrastructure cybersecurity”. U.S. Department of Commerce.

NITDA (2021). “Nigeria Data Protection Regulation (NDPR)”. National Information Technology Development Agency.

North, D.C. (1991). “Institutions”. Journal of Economic Perspectives. 5(1): 97-112. https://doi.org/10.1257/jep.5.1.97.

Okeke, M.; Adebayo, J. & Suleiman, T. (2023). “Tracking Nigeria’s progress in African cybersecurity cooperation”. International Journal of Cyber Governance. 5(1): 13-28.

Oliver, C. (1991). “Strategic responses to institutional processes”. Academy of Management Review. 16(1): 145-179. https://doi.org/10.5465/amr.1991.4279002.

Olowu, A.; Yusuf, D. & Bello, K. (2024). “Addressing emerging cybersecurity risks: Nigeria’s readiness for AI and IoT threats”. Journal of Emerging Technologies in Africa. 12(2): 29-46.

Scott, W.R. (2004). “Institutional theory: Contributing to a theoretical research program”. In K.G. Smith & M.A. Hitt (Eds.). Great Minds in Management: The Process of Theory Development (pp. 460-484). Oxford University Press.

Smith, R. (2013). “Cybercrime in West Africa: The case of Nigeria”. International Journal of Cybersecurity and Digital Forensics. 2(1): 1-12.

Suchman, M.C. (1995). “Managing legitimacy: Strategic and institutional approaches”. Academy of Management Review. 20(3): 571-610. https://doi.org/10.5465/amr.1995.9508080331.

Tolbert, P.S. & Zucker, L.G. (1996). “The institutionalization of institutional theory”. In S.R. Clegg, C. Hardy & W.R. Nord (Eds.). Handbook of Organization Studies (pp. 175-190). SAGE Publications.

Wijen, F. & Ansari, S. (2007). “Overcoming inaction through collective institutional entrepreneurship: Insights from regime theory”. Organization Studies. 28(7): 1079-1100. https://doi.org/10.1177/0170840607078115.

Yilma, K. (2023). “In search for a role: The African Union and digital policies in Africa”. Digital Society. 2(16). https://doi.org/10.1007/s44206-023-00047-1.

Yoo, Y.; Lyytinen, K. & Yang, H. (2005). “The role of standards in innovation and diffusion of broadband mobile services: The case of South Korea”. The Journal of Strategic Information Systems. 14(3): 323-353. https://doi.org/10.1016/j.jsis.2005.07.007.

Yusuf, F. & Bello, G. (2023). “Overlaps and inefficiencies in Nigeria’s cybersecurity governance: Lessons from global best practices”. West African Cybersecurity Journal. 8(3): 18-31.