Section 21 Cybercrimes Act

Section 21 of the Nigerian Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 is about Reporting of cyber threats. It is under Part III (Offences and Penalties) of the Act.

(1) A Person or Institution who operates a Computer System or a Network, whether Public or Private, shall immediately inform the National Computer Emergency Response Team (CERT) Co-ordination Center of any attack, intrusion and other disruption liable to hinder the functioning of another Computer System or Network, so that the National Computer Emergency Response Team Co-ordination Center through their respective sectoral CERTs or sectoral Security Operations Centres (SOC) can take the necessary measures to tackle the issues.

(2) In such cases mentioned in subsection (1) above, and in order to protect computer systems and networks, the National CERT Coordination Center may propose the isolation of affected computer systems or network pending the resolution of the issues.

(3) Any person or institution who fails to report any such incident to the National CERT within 72 hours of its detection, commits an offence and shall be liable to denial of internet services. Such persons or institution shall in addition, pay a mandatory fine of N2, 000,000.00 into the National Cyber Security Fund.