Authored By: Adio, Favour Ayomide
Lagos State University, Ojo
INTRODUCTION
This study shall examine the various cybercrimes as found in the Cybercrime Act and when liability shall arise from it when such an act is performed in cyberspace.
Definition of cybercrime
Cybercrime is any illegal or criminal activity carried out using computers, networks, or the internet.[1] An illegal or criminal activity in the sense that any action that goes against the law of a country or state or something prohibited by legislation, and if someone engages in it, they can face criminal liability in the form of a penalty or punishment already prescribed.
It represents one of the most pressing challenges of the 21st century, as technology that was originally developed to improve communication and commerce is increasingly exploited by individuals and groups for unlawful purposes[2]. Unlike traditional crimes that often require physical presence, cybercrime thrives in the borderless nature of cyberspace, making it complex to detect, prevent, and prosecute.
Cybercrime is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy.[3]
Generally, cybercrime may be divided into one of two types of categories:
- Crimes that affect computer networks and devices directly. Examples are malicious code, computing viruses, malware, etc.
- Crimes enabled by computer networks or devices, the primary victim of which is unrelated to the computer networks or device. Examples include cyberstalking, fraud and identity theft, phishing scams, and information warfare.[4]
In the Nigerian context, cybercrime manifests in familiar forms such as advance-fee fraud (popularly known as “419” or “Yahoo Yahoo”), SIM swap scams, ATM fraud, and social media impersonation.
Cybercrime is a multifaceted threat that does not discriminate in its choice of victims. It can target individuals, organisations, or governments, exploiting vulnerabilities in digital systems for financial, political, or personal gain.[5]
CYBERCRIME AND THE NIGERIAN LEGAL FRAMEWORK
With the introduction and gradual development of the computer age in Nigeria came both opportunities and defects, one of the most notable being the rising prevalence of cybercrime. As Nigeria embraced digital technologies to facilitate communication, commerce, and financial services, criminals also found new ways to exploit the digital environment for unlawful purposes. This trend has given rise to various forms of cyber-enabled crimes that continue to threaten individuals, organisations, and even state institutions.
Initially, the Nigerian legal space recognised only limited forms of cyber-related offences, which were being prosecuted with the use of laws made for traditional offline criminal activities, with Advance Fee Fraud (popularly known as “419”) being the most prominent. This form of fraud was prosecuted under the Economic and Financial Crimes Commission (EFCC) Act, which empowered the EFCC to investigate and enforce laws against financial and economic crimes, including those perpetrated through digital platforms.
Other laws interconnected with the prosecution of cybercrimes include the Money Laundering (Prohibition) Act (MLA) 2011, the Nigerian Communication Act 2003, and the Terrorism (Prevention) Act 2011. Nigeria Data Protection Regulation (NDPR), etc. These laws aim to address various aspects of cybercrime and provide legal tools for prosecuting offenders while also protecting individuals and organisations from cyber dangers.[6]
The enactment of the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015, represents a significant step in Nigeria’s effort to safeguard the digital rights and privacy of its citizens. At its core, the Act seeks to enforce the constitutional guarantee of privacy in the digital space. According to the 1999 Constitution of the Federal Republic of Nigeria (as amended), Section 37, “the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.” This constitutional provision, which originally contemplated traditional forms of communication, has now found extended relevance in the digital era, where most interactions occur online.
The Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015, represents Nigeria’s most comprehensive legal instrument for combating offences committed in the digital space.[7] Beyond simply identifying different categories of cybercrime, the Act prescribes punishments that establish clear standards of criminal liability for offenders. In doing so, it aligns the protection of citizens’ digital privacy and security with constitutional guarantees, while providing mechanisms for accountability in the rapidly evolving cyber landscape.
Recognising the increasing threats posed by these activities, the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015, was enacted to define and criminalise specific acts committed in the digital environment. The Act categorises cyber offences, establishes standards for criminal liability, and prescribes corresponding penalties, thereby providing a legal framework to protect individuals, organisations, and national infrastructure from unlawful digital intrusions. This section examines the various types of cybercrime identified in the Act, highlighting the instances when liability may arise:
Unlawful Access to a Computer: Unlawful (unauthorised) access to a computer is the intentional use of, or entry into, a computer system, device, application, or network without the permission of the owner or controller or by exceeding the scope of authorised access, typically to view, copy, alter, delete, or interfere with data or services. Such conduct is often committed for fraudulent, malicious, or other illicit purposes.[8]
Computer-related forgery or Fraud: Computer-related fraud or forgery is the intentional use of a computer system to commit fraud or forgery, or to manipulate data, documents, or transactions, in a manner that causes another party to suffer a loss (financial, reputational, or otherwise). [9]
Cyberterrorism: Cyberterrorism is the use of computers, digital devices, or networks to carry out or facilitate acts of terrorism, including disrupting critical infrastructure, spreading fear, or coercing governments or populations for political, ideological, or religious objectives.[10]
It combines the elements of terrorism with cyber means, making attacks potentially borderless, rapid, and difficult to trace
Electronic Signature Fraud: Electronic Signature Fraud is the use of an electronic signature for fraudulent or dishonest purposes, including falsifying, altering, or misrepresenting documents or transactions to deceive another party or gain unlawful advantage[11]
Identity Theft and Impersonation: Identity Theft and Impersonation occurs when a person knowingly makes or causes to be made any false statement, declaration, or representation concerning a material fact in writing, regarding their own identity or that of another, with the intent that it be relied upon, thereby committing fraud, misrepresentation, or identity falsification[12]
Child Pornography: This refers to any visual depiction, production, distribution, or engagement in activities related to sexual exploitation involving a minor (a person under the age of 18 years).[13]
Cyberstalking: Cyberstalking is a course of conduct directed at a specific person, organisation, or entity through the use of computers, digital devices, or the internet that would cause a reasonable person to feel fear, distress, or harm. It includes harassment, threats, bullying, or the dissemination of malicious content with the intent to intimidate, extort, or damage the reputation of the victim.[14]
It is often also referred to as cyberbullying when directed at individuals
Cybersquatting: Cybersquatting is the unauthorised registration, use, or trafficking of a domain name that incorporates a trademark, business, corporation, or government name in a manner that interferes with the legitimate rights of the rightful owner. The purpose is often to profit, mislead, or otherwise exploit the name without permission[15]
spread of racism and xenophobia through the internet: Online racism and xenophobia refer to the use of computers, digital platforms, or the internet to create, share, or promote content that discriminates, insults, threatens, or incites hatred against individuals or groups based on race, ethnicity, nationality, or religion. Such activities aim to demean, intimidate, or mobilize hostility against targeted communities.[16]
ATM/POS Terminal: ATM/POS terminal fraud is the manipulation, tampering, or misuse of automated teller machines (ATMs) or point‑of‑sale (POS) terminals with the intent to defraud or otherwise obtain money, goods, or services unlawfully. This includes physical and digital techniques used to capture card data, circumvent authentication, or force a terminal to dispense cash or accept fraudulent transactions[17]
Phishing: Phishing is a cybercrime in which attackers use deceptive communications—typically emails, messages, or websites—to trick individuals into revealing sensitive information, such as passwords, credit card numbers, or personal data, or to install malicious software on their devices.[18] It refers to an attempt to steal sensitive information, typically in the form of usernames, passwords, credit card numbers, bank account information, or other important data in order to utilize or sell the stolen information.[19]
Spamming: Spamming is the use of unsolicited electronic messages—typically emails, SMS, or social media messages—to deceive recipients with the intent to defraud, steal sensitive information, or induce financial or other losses.[20]
The goal is not just advertising but fraud, deception, or exploitation.
Spread of Computer Virus: The intentional creation, distribution, or spreading of a computer virus, malware, or malicious software that can damage, disrupt, or compromise computer systems, networks, or critical infrastructure. The spread of viruses that When targeted at national infrastructure, it can threaten public safety, government operations, or essential services.[21]
Electronic Card Fraud: Electronic card fraud involves using credit, debit, or other electronic payment cards, or devices associated with them, to unlawfully obtain cash, goods, or any other form of benefit.[22]
PROTECTION AGAINST CYBERCRIME
As technology advances and societies become increasingly dependent on interconnected systems, the risks of malicious online activities grow. Protecting against cybercrime requires a multi-layered approach that combines technical safeguards, legal measures, and continuous awareness.
At the individual level, people must take responsibility for their online safety. Using strong passwords, enabling multi-factor authentication, updating software regularly, and relying on antivirus programmes or firewalls reduce vulnerabilities.[23] Caution when clicking links, downloading files, or sharing personal information helps prevent identity theft, while awareness of phishing and online scams protects against common threats.[24]
Organisations face greater challenges because of the value of the data they hold. Robust cybersecurity policies, regular security audits, encryption, secure backups, and strict access control are essential.[25] Equally important are incident response plans that enable swift detection, response, and recovery from attacks, ensuring business continuity and maintaining trust.
Governments and international bodies also play a vital role. Strong legislation, international cooperation, and public awareness campaigns deter cybercriminals and empower law enforcement.
Ultimately, cybercrime protection is an ongoing process. Continuous training, updated security systems, and adaptability to emerging threats are crucial for building resilience and safeguarding the digital environment.
CHALLENGES IN PROSECUTING CYBERCRIME IN NIGERIA
Despite the introduction of the Cybercrime Act in Nigeria, the fight against cybercrime remains fraught with numerous challenges. The Act itself is largely punitive in nature, focusing on investigations, lawsuits, imprisonments, and fines. While these measures are necessary, the federal government has failed to take proactive steps to collaborate with private sector actors to strengthen cybersecurity across both public and private institutions. The absence of such collaboration leaves significant gaps in prevention and makes prosecution alone an insufficient strategy.
One of the foremost difficulties lies in jurisdictional issues, since cybercrime often transcends geographical boundaries, making it difficult for Nigerian authorities to assert control over offenders operating from abroad.[26] Closely tied to this is the problem of evidential issues, as gathering, preserving, and presenting digital evidence in court is a complex task that requires specialized skills and resources. The judicial process itself is often slow, which undermines effective prosecution and weakens deterrence.[27]
Extradition and international cooperation also remain problematic, as cybercrime is a borderless crime that requires seamless collaboration across countries. Nigeria’s reliance on multiple and sometimes conflicting laws further complicates legal proceedings, while a shortage of forensic capacity, expertise, and modern investigative tools hampers law enforcement efforts.[28] The lack of a universally accepted international law governing cybercrime aggravates these difficulties, leaving gaps in accountability.
Finally, corruption within institutions responsible for combating cybercrime further undermines enforcement. Without transparency and integrity, even well-crafted laws fail to achieve their intended impact. Thus, the prosecution of cybercrime in Nigeria continues to struggle under the combined weight of weak legal frameworks, inadequate resources, institutional corruption, and limited international collaboration.[29]
Reference(S):
[1] Emmanuel Ibiam AMAH and Kelechi Markson MBAM, ‘Domestic Regulation of the Cyberspace: An Appraisal of the Impact of the Nigerian Cybercrime Act on the Rights to Freedom of Expression and Privacy Guaranteed under the Nigerian Law’ (2023) 7 African Journal of Law and Human Rights 1, https://journals.ezenwaohaetorc.org/index.php/AJLHR/article/download/2514/2588 accessed 29 September 2025.
[2] Cybercrime Magazine, “The History of Cybercrime and Cybersecurity, 1940-2020” (Cybercrime Magazine, November 18, 2024) <https://cybersecurityventures.com/the-history-of-cybercrime-and-cybersecurity-1940-2020> accessed September 28, 2025.
[3] Dennis and Aaron M, “Cybercrime | Definition, Statistics, & Examples” (Encyclopedia Britannica, August 19, 2025) <https://www.britannica.com/topic/cybercrime> accessed September 29, 2025
[4] B A Omodunbi, P O Odiase, O M Olaniyan and A O Esan, ‘Cybercrimes in Nigeria: Analysis, Detection and Prevention’ (2016) 1 FUOYE Journal of Engineering and Technology 1
[5] Solomon Ekanem, “Hackers Intensify Attacks on Nigerian Government Websites, Seize NBS Platform” Business Insider Africa (December 19, 2024) <https://africa.businessinsider.com/local/lifestyle/hackers-intensify-attacks-on-nigerian-government-websites-seize-nbs-platform/0zdk4gl>.
[6] OM Atoyebi Oyetola SAN FCIArb (U K), “Addressing Challenges in the Prosecution of Cybercrimes in Nigeria: Legal Framework and Practical Implication” (Omaplex Law Firm, August 12, 2024) <https://omaplex.com.ng/addressing-challenges-in-the-prosecution-of-cybercrimes-in-nigeria-legal-framework-and-practical-implication/> accessed September 29, 2025.
[7] Felix E Eboibi, “A Review of the Legal and Regulatory Frameworks of Nigerian Cybercrimes Act 2015” (2017) 33 Computer Law & Security Review 700 <https://doi.org/10.1016/j.clsr.2017.03.020>.
[8] Cybercrime Act 2015, s 6
[9] Cybercrime Act 2015, ss 13–14
[10] Cybercrime Act 2015, s 18
[11] Cybercrime Act 2015, s 22(2)
[12] Cybercrime Act 2015, s 22
[13] Cybercrime Act 2015, s 23
[14] Cybercrime Act 2015, s 24
[15] Cybercrime Act 2015, s 25
[16] Cybercrime Act 2015, s 26
[17] Cybercrime Act 2015, s 30
[18] Cybercrime Act 2015, s 32(1)
[19] Cloudflare, ‘What Is a Phishing Attack?’ https://www.cloudflare.com/learning/access-management/phishing-attack/ accessed [28th September, 2026]
[20] Cybercrime Act 2015, s 32(2)
[21] Cybercrime Act 2015, s 32(3)
[22] Cybercrime Act 2015, s 33
[23] Simon Burge, “12 Ways to Prevent Cyber Crime” International Security Journal (June 8, 2025) <https://internationalsecurityjournal.com/ways-to-prevent-cyber-crime/>.
[24] Cybersecurity and Infrastructure Security Agency (CISA), ‘Cybersecurity Best Practices’ https://www.cisa.gov/topics/cybersecurity-best-practices [accessed 29 September 2025]
[25] Admin, “Various Types of Cyber Crimes and Ways to Protect Yourself – UPPCS MAGAZINE” (UPPCS MAGAZINE, February 12, 2025) <https://uppcsmagazine.com/various-types-of-cyber-crimes-and-ways-to-protect-yourself/>.
[26] Mayiwa Imue, “The Jurisdiction Challenge in the Enforcement of Cyber-Crime Laws in Nigeria” (Africa Law Practice Nigeria Company) <https://www.alp.company/sites/default/files/THE%20JURISDICTIONAL%20CHALLENGE%20IN%20THE%20ENFORCEMENT%20OF%20CYBERCRIME%20LAWS%20IN%20NIGERIA%20.pdf> accessed September 29, 2025.
[27]https://www.researchgate.net/publication/390941849_CYBERCRIME_PROSECUTION_IN_NIGERIA_CHALLENGES_PROSPECTS#:~:text=Findings%20reveal%20that%20Nigeria’s%20legal,specialized%20training%20for%20judges%20and
[28] ibid
[29] Sani, A. I. , “Nigeria Must Tackle Corruption to Improve Its Cyber Security – Africa at LSE” (Africa at LSE – LSE’s engagement with Africa, October 9, 2024) <https://blogs.lse.ac.uk/africaatlse/2024/10/09/nigeria-must-tackle-corruption-to-improve-its-cyber-security>.
