NCC Gives Telcos Four Hours to Report Cyberattacks
The Nigerian Communications Commission (NCC) has directed mobile network operators and other communications service providers in Nigeria to report any cyber attack within four hours of detection, as part of new measures aimed at strengthening the security of the country’s telecommunications infrastructure.
The directive is contained in the Cyber Resilience Framework for the Nigerian Communications Sector (CRF-NCS), released by the commission in February 2026.
According to the regulator, the rule will take effect in February 2027, giving operators about one year to upgrade their monitoring systems and establish rapid-response reporting structures required under the framework.
Under the new guidelines, telecommunications companies must immediately notify the NCC once a cyber threat is detected and provide updates every four hours until the incident is fully contained.
The framework states that operators are also required to submit a confirmation report within 24 hours through a dedicated reporting portal.
The commission said the move is designed to prevent minor security breaches from escalating into major disruptions or large-scale data leaks that could affect millions of telecom subscribers and the wider digital economy.
To comply with the new reporting timeline, telecom operators will also be required to establish dedicated Security Operations Centres (SOCs).
These centres are expected to monitor network activity around the clock to quickly identify suspicious behaviour, malware, or hacking attempts. They will also coordinate rapid responses whenever cyber threats occur.
The NCC noted that continuous monitoring will enable operators to detect malicious activities quickly and report them promptly to the regulator.
The framework also introduces new collaboration requirements across the telecommunications industry.
Each operator must appoint a cybersecurity lead who will work directly with the commission’s Computer Security Incident Response Team (CSIRT) to share intelligence and coordinate responses to cyber incidents affecting the communications ecosystem.
The NCC said the arrangement would allow operators to alert one another about emerging threats, enabling preventive action across networks.
Telecommunications networks now support many critical services in Nigeria, including mobile banking, digital government platforms and everyday internet connectivity.
Regulators warn that a major cyber attack on telecom infrastructure could disrupt communication services and undermine key parts of the country’s digital economy.
In a related measure, the commission noted that the revised Internet Code of Practice introduced in 2026 already requires operators to notify customers within 48 hours if their personal data has been compromised.
The NCC said the cyber resilience framework forms part of broader efforts to strengthen the security of Nigeria’s communications infrastructure and promote a coordinated response to cyber threats across the sector.
With the February 2027 implementation deadline approaching, telecom operators are expected to invest in stronger monitoring systems and enhanced cybersecurity capabilities to comply with the new rules.
 has directed mobile network operators and other communications service){kind=link}