NCC Orders Telecoms to Report Cyber Threats Within 4 Hours Innovation Village Technology Product Reviews Business
NCC Orders Telecoms to Report Cyber Threats Within 4 Hours 0
By Jessica Adiele on March 5, 2026Telecoms
Nigeria’s telecommunications regulator, the Nigerian Communications Commission (NCC), has directed telecom operators to notify the commission within four hours of detecting any cyberattack. The directive is contained in the Cyber Resilience Framework for Nigeria’s Communications Sector (CRF-NCS) released in February 2026.
The rule will take effect in February 2027 and forms part of the regulator’s broader efforts to strengthen cybersecurity across the country’s telecom infrastructure while protecting subscriber data.
Under the new framework, operators such as MTN Nigeria, Airtel Nigeria, Globacom, and T2 Moblie must report cyber incidents quickly through a dedicated reporting portal. The commission said the measure is designed to improve response time, enhance sector-wide coordination, and reduce the potential impact of cyberattacks on telecommunications networks.
Mandatory Updates After Initial Report
Beyond the initial four-hour notification window, telecom companies are also required to provide continuous updates every four hours following the detection of an incident.
Additionally, operators must submit a comprehensive confirmation report within 24 hours outlining the nature of the attack, mitigation steps taken, and the current status of the affected systems.
The NCC said this structured reporting system will allow regulators to monitor threats in real time and coordinate responses where necessary.
Rising Cybersecurity Risks in Telecoms
Telecommunications companies are increasingly attractive targets for cybercriminals due to the massive amount of sensitive data they manage.
Cyberattacks in the sector can lead to subscriber data breaches, network disruptions, malware infections, and targeted system attacks. Because telecom infrastructure supports critical national communications, a successful attack can have far-reaching consequences.
The NCC explained that the Cyber Resilience Framework introduces a sector-specific cybersecurity strategy designed to help telecom operators anticipate, detect, respond to, and recover from cyber incidents.
According to the commission, the framework is intended to strengthen the overall situational awareness of cyber threats across Nigeria’s telecom ecosystem while ensuring that operators adopt stronger risk-management practices.
Cyber Security Operations Centres Required
As part of the new cybersecurity standards, telecom operators must establish a Cyber Security Operations Centre (SOC) to monitor networks for suspicious or malicious activities.
These centres will play a critical role in detecting threats early and ensuring that incidents are quickly reported to regulators.
Operators are also required to appoint a dedicated cybersecurity officer responsible for working closely with the NCC’s Computer Security Incident Response Team (NCC-CSIRT) to facilitate information sharing and coordinated responses during cyber incidents.
The commission said these measures will help build a more resilient telecom sector capable of responding effectively to evolving cybersecurity threats.
NCC Tightens Data Protection Oversight
The Cyber Resilience Framework is part of a broader regulatory push by the NCC to strengthen data protection and privacy standards in Nigeria’s telecommunications sector.
Earlier this year, the commission also introduced a rule requiring telecom operators to notify affected subscribers within 48 hours whenever a data breach occurs. This directive was included in the revised Internet Code of Practice 2026.
The regulation aims to ensure that customers are promptly informed when their personal data may have been compromised, allowing them to take necessary precautionary measures.
Protecting Nigeria’s Digital Infrastructure
The NCC noted that the new cybersecurity framework reflects the growing importance of protecting Nigeria’s digital infrastructure as telecom networks continue to support financial services, digital identity systems, and government platforms.
With the increasing volume of sensitive data — including biometric records, financial information, and national identification details — regulators are placing greater emphasis on strict compliance and responsible data handling.
According to the commission, the new framework will help create a more secure communications environment, ensuring that telecom operators identify and mitigate threats before they escalate into large-scale disruptions.
As Nigeria’s digital economy expands, the NCC believes stronger cybersecurity coordination between regulators and operators will be essential to safeguarding both infrastructure and consumer data.
By Jessica Adiele on March 5, 2026Telecoms
Nigeria’s telecommunications regulator, the Nigerian Communications Commission (NCC), has directed telecom operators to notify the commission within four hours of detecting any cyberattack. The directive is contained in the Cyber Resilience Framework for Nigeria’s Communications Sector (CRF-NCS) released in February 2026.
The rule will take effect in February 2027 and forms part of the regulator’s broader efforts to strengthen cybersecurity across the country’s telecom infrastructure while protecting subscriber data.
Under the new framework, operators such as MTN Nigeria, Airtel Nigeria, Globacom, and T2 Moblie must report cyber incidents quickly through a dedicated reporting portal. The commission said the measure is designed to improve response time, enhance sector-wide coordination, and reduce the potential impact of cyberattacks on telecommunications networks.
Mandatory Updates After Initial Report
Beyond the initial four-hour notification window, telecom companies are also required to provide continuous updates every four hours following the detection of an incident.
Additionally, operators must submit a comprehensive confirmation report within 24 hours outlining the nature of the attack, mitigation steps taken, and the current status of the affected systems.
The NCC said this structured reporting system will allow regulators to monitor threats in real time and coordinate responses where necessary.
Rising Cybersecurity Risks in Telecoms
Telecommunications companies are increasingly attractive targets for cybercriminals due to the massive amount of sensitive data they manage.
Cyberattacks in the sector can lead to subscriber data breaches, network disruptions, malware infections, and targeted system attacks. Because telecom infrastructure supports critical national communications, a successful attack can have far-reaching consequences.
The NCC explained that the Cyber Resilience Framework introduces a sector-specific cybersecurity strategy designed to help telecom operators anticipate, detect, respond to, and recover from cyber incidents.
According to the commission, the framework is intended to strengthen the overall situational awareness of cyber threats across Nigeria’s telecom ecosystem while ensuring that operators adopt stronger risk-management practices.
Cyber Security Operations Centres Required
As part of the new cybersecurity standards, telecom operators must establish a Cyber Security Operations Centre (SOC) to monitor networks for suspicious or malicious activities.
These centres will play a critical role in detecting threats early and ensuring that incidents are quickly reported to regulators.
Operators are also required to appoint a dedicated cybersecurity officer responsible for working closely with the NCC’s Computer Security Incident Response Team (NCC-CSIRT) to facilitate information sharing and coordinated responses during cyber incidents.
The commission said these measures will help build a more resilient telecom sector capable of responding effectively to evolving cybersecurity threats.
NCC Tightens Data Protection Oversight
The Cyber Resilience Framework is part of a broader regulatory push by the NCC to strengthen data protection and privacy standards in Nigeria’s telecommunications sector.
Earlier this year, the commission also introduced a rule requiring telecom operators to notify affected subscribers within 48 hours whenever a data breach occurs. This directive was included in the revised Internet Code of Practice 2026.
The regulation aims to ensure that customers are promptly informed when their personal data may have been compromised, allowing them to take necessary precautionary measures.
Protecting Nigeria’s Digital Infrastructure
The NCC noted that the new cybersecurity framework reflects the growing importance of protecting Nigeria’s digital infrastructure as telecom networks continue to support financial services, digital identity systems, and government platforms.
With the increasing volume of sensitive data — including biometric records, financial information, and national identification details — regulators are placing greater emphasis on strict compliance and responsible data handling.
According to the commission, the new framework will help create a more secure communications environment, ensuring that telecom operators identify and mitigate threats before they escalate into large-scale disruptions.
As Nigeria’s digital economy expands, the NCC believes stronger cybersecurity coordination between regulators and operators will be essential to safeguarding both infrastructure and consumer data.
