.png)
2 hours ago
1
The Nigerian Communications Commission (NCC) has directed mobile network operators and other communications service providers to report any cyberattack within four hours of detecting it.
The regular aims to strengthen the security of the country’s telecom infrastructure and protect the data of millions of subscribers.
The new requirement will take effect in February 2027, giving operators a year to upgrade their monitoring systems and build the rapid-response reporting structures required under the directive.
New Rules for Faster Incident Reporting
The order forms part of the Cyber Resilience Framework for the Nigerian Communications Sector (CRF-NCS), released by the Nigerian Communications Commission (NCC) in February 2026.
The framework brings strong procedures for how telecom companies must handle and report cybersecurity incidents.
Under the new guidelines, operators must quickly notify the regulator once a cyber threat is detected and continue to provide updates until the incident is fully resolved.
“Under the framework, telecommunications companies must alert the regulator within four hours of detecting a cyber incident and continue to provide updates every four hours until the situation is contained. Operators are also required to submit a confirmation report within 24 hours through a dedicated reporting portal,” the framework states.
Regulators say the goal is to prevent minor security breaches from escalating into major service disruptions or large-scale data leaks that could affect Nigeria’s digital economy.
Mandatory 24/7 Security Monitoring
To meet the new reporting timeline, the NCC has also mandated telecom operators to establish dedicated Security Operations Centres (SOCs).
These centres will monitor network activity round the clock, allowing companies to quickly identify suspicious behaviour, malware or hacking attempts.
Beyond detection, the centres are expected to coordinate rapid responses when threats occur.
“The framework also requires telecommunications companies to establish dedicated Security Operations Centres (SOC) to monitor networks continuously for suspicious activity and cyber threats. These centres are expected to detect and report malicious activities promptly while coordinating responses internally,” the regulator said.
Industry Collaboration and Threat Intelligence
The framework also places strong emphasis on collaboration across the telecom sector. Each operator must appoint a cybersecurity lead who will work directly with the commission’s Computer Security Incident Response Team (CSIRT).
The aim is to improve intelligence sharing across networks. If one operator experiences a specific cyber threat, others can be alerted quickly and take preventive action.
“In addition, each operator must designate a cybersecurity lead responsible for working with the commission’s Computer Security Incident Response Team (CSIRT) to share intelligence and coordinate responses to incidents affecting the communications ecosystem,” the NCC noted.
Protecting Critical Digital Infrastructure
Telecommunications networks now underpin many essential services in Nigeria, from mobile banking to government platforms and everyday internet access.
A major cyberattack on telecom infrastructure could disrupt communication services and affect large parts of the digital economy.
As a result, regulators have been tightening cybersecurity requirements across the industry. The revised Internet Code of Practice introduced in 2026 already requires operators to inform customers if their personal data has been compromised.
“In a related move, operators are now required under the revised Internet Code of Practice 2026 to notify customers of any data breach affecting their personal information within 48 hours of discovery,” the commission added.
Building a Stronger Cybersecurity Framework
According to the NCC, the cyber resilience framework is part of broader efforts to strengthen the security of Nigeria’s communications infrastructure and create a coordinated approach to cyber threats across the sector.
“The NCC said the new framework forms part of broader efforts to strengthen resilience across Nigeria’s communications infrastructure and promote a unified cybersecurity posture in the sector,” the statement said.
With the February 2027 deadline in view, telecom operators are expected to invest in stronger monitoring systems and cybersecurity capabilities to comply with the new rules.
The post NCC Gives Telcos 4-Hour Deadline to Report Cyberattacks appeared first on Tech | Business | Economy.
