Senator Shehu Umar Buba, Chairman of the Senate Committee on National Security and Intelligence, has provided clarification regarding the cybersecurity levy recently announced by the Central Bank of Nigeria (CBN). Contrary to misconceptions, Senator Buba emphasized that the levy is not aimed at individuals operating bank accounts but is specifically targeted at financial institutions and telecommunication companies.
In a statement released in Abuja, Senator Buba, who sponsored the amendment bill, explained that the levy is intended to bolster cybersecurity measures and enhance national security by addressing vulnerabilities within the financial and telecommunications sectors. He highlighted the susceptibility of these sectors to financial crimes and cyber fraud, underscoring the importance of implementing robust cybersecurity measures to safeguard against such threats.
Addressing concerns raised by the public, Senator Buba reiterated that the Cybercrime Act clearly delineates the businesses responsible for paying the levy, emphasizing that it does not impose financial obligations on Nigerian citizens or individuals. He further pointed out that telecommunications companies, Internet Service Providers, banks, insurance companies, the Nigerian Stock Exchange, and other financial institutions are the entities mandated to pay the levy as outlined in the Cybercrime Act 2015.
Moreover, Senator Buba referenced previous circulars issued by the Central Bank of Nigeria, particularly in 2018, which listed the organizations within the specified sectors required to pay the levy. He noted that the recent circular from the CBN has provided additional exemptions, further clarifying the scope of the levy.
The senator’s clarification aims to dispel misconceptions and provide clarity on the intended beneficiaries and obligations outlined in the cybersecurity levy. As Nigeria continues to strengthen its cybersecurity infrastructure to combat emerging threats, stakeholders within the financial and telecommunications sectors are urged to comply with regulatory requirements to ensure the resilience and security of critical systems and infrastructure.
