• Tuesday, July 23, 2024
businessday logo


Cybersecurity levy in Nigeria: Can a nation tax itself to prosperity?

Cybercrime is a growing menace plaguing businesses, governments, and international organisations worldwide. A recent report by the World Economic Forum highlights a surge in sophisticated attacks driven by geopolitical tensions and the proliferation of new technologies.

The report, citing data from the 2023 Global Risk Report, warns of a significant rise in Advanced Persistent Threats (APTs). These targeted attacks, often backed by nation-states, are becoming increasingly intricate and widespread.

“While the urgency to combat cybercrime is widely acknowledged, questions linger about the levy’s effectiveness and potential impact on digital transactions.”

New technologies fueling cybercrime:

The report emphasises how advancements in technology are amplifying the reach and impact of cybercrime. Malware and ransomware attacks—where criminals extort victims by threatening to publish or block data—skyrocketed by over 350 percent and 430 percent, respectively, in 2020 alone.

Cybercrime is not just a technological inconvenience; it’s a multi-trillion-dollar business. Industry estimates suggest cybercrime inflicted damages of $3 trillion in 2015, ballooning to a staggering $6 trillion by 2021. By 2025, the figure could reach a colossal $10.5 trillion annually.

The repercussions of cybercrime extend far beyond financial losses. It erodes trust among internet users and damages the reputations of public and private institutions.

Read also: No to bullying Nigerians for cybercrimes with Cybersecurity levy

National strategies for a collective defence:

A robust national cybersecurity strategy is paramount for safeguarding a nation’s digital economy and critical infrastructure. The World Economic Forum report recommends five key focus areas for national strategies:

Governance: Establishing clear leadership, roles, and responsibilities for cybersecurity across government entities.

Risk management: identifying and assessing cyber threats and developing risk mitigation plans.

Preparedness and resilience: building incident response capabilities and contingency plans for cyberattacks.

Critical infrastructure and essential services: prioritising the protection of critical infrastructure like power grids and financial systems.

Capability building and awareness-raising: Implementing training and educational programmes to enhance cybersecurity knowledge and skills across all sectors.

The new cybersecurity levy: a boon or burden for digital transactions in Nigeria?

Although President Bola Ahmed Tinubu has suspended it for further review, Nigerians will be making an electronic transfer levy of 0.5 percent (once it gets presidential approval), mandated by the recently amended Cybercrime (Prohibition, Prevention, etc.) Act 2024. This levy, borne by the originator of the transaction, aims to bolster the country’s cybersecurity defences.

Read also: FG confirms suspension of the 0.5% Cybersecurity levy

How it works

Financial institutions will deduct the levy at source and reflect it on the customer’s statement as “Cybersecurity Levy.” These collected levies must be remitted in bulk to the National Cybersecurity Fund (NCF), domiciled at the Central Bank of Nigeria (CBN), by the fifth business day of every month.

The deadline for financial institutions to update their systems for levy deduction and remittance is two weeks from the issuance of the circular, dated May 6th, 2024. Failure to comply can result in a penalty of up to 2 percent of an institution’s annual turnover.

Not all transactions are subject to the levy. Exemptions include loan repayments, salary payments, intra-bank transfers, check clearings, government social programmes, and transactions involving educational institutions and non-profit organisations.

This cybersecurity levy comes amidst a backdrop of growing cyber threats. According to the Nigerian Communications Commission, cybercrime costs the nation a staggering $500 million annually. These threats encompass hacking, identity theft, cyber terrorism, harassment, and internet fraud.

In the past war against cybercrime, several draft bills addressing this issue have been initiated since 2005, including the Computer Security and Critical Infrastructure Bill and the Electronic Transfer of Funds Crime Bill. However, none of these bills have successfully navigated the legislative process.

So this new levy will hopefully enhance cybersecurity measures in several ways, like strengthening cybersecurity infrastructure, including upgrading technology, improving data security measures, and investing in cyber defence tools for government agencies.

Also, the funds will help enhance cybersecurity awareness through public education campaigns and training programmes that can equip Nigerians to identify and avoid cyber threats.

According to the Nigeria Inter-Bank Settlement System Plc (NIBSS) 2023 annual fraud landscape report, social engineering was a major technique used by cyber criminals. Social engineering attacks involve manipulating users into divulging sensitive information or performing actions for the attacker’s benefit. There were a total of 62,901 incidents in 2023 alone.

The introduction of the cybersecurity levy has ignited a national conversation. While the urgency to combat cybercrime is widely acknowledged, questions linger about the levy’s effectiveness and potential impact on digital transactions.

Read also: Tinubu orders CBN to suspend implementation of cybersecurity levy

Alternative to the cyber-security levy:

The nation faces significant revenue challenges, limiting its ability to promote growth that benefits everyone. In this context, it is a no-brainer that the government will go to any length—within the legal ambit—to mobilise the required revenue from any source remotely available.

This raises the question: can taxing our way to prosperity work? Research suggests higher taxes tend to pauperize the already-burdened citizens, and no country can tax itself to prosperity.

It is, perhaps, in recognition of this fact that the Presidential Advisory Committee on Tax Reforms has assured there will be no tax hikes. However, a recent cybersecurity levy sparked a public outcry. While the levy itself isn’t new, the timing amidst economic hardship seems questionable. The success of any policy hinges on timing, which is a key factor in the current public resistance.

Numerous reports suggest that the government aims to generate approximately N3 trillion annually from the levy. However, there hasn’t been any official disclosure to the public regarding the cost-benefit analysis. Any implementation of a tax or levy must include a tax expenditure statement, offering insight into whether the benefits outweigh the costs. Merely providing revenue projections, which lack certainty due to the absence of detailed information, isn’t sufficient. While reports have outlined how the funds will be allocated, transparency in the cost-benefit assessment of the new levy is paramount.

It is noteworthy that the policy is targeted at fighting cybercrimes and raising revenue for the government. However, boosting revenue generation should not impose a further burden on poor and vulnerable Nigerians. We at BDI propose the following alternative or integrated approach to generate funds to combat the threat:

Read also: With Cybersecurity Levy, it will cost about N135 to transfer N10,000

Government budget allocation: The government could allocate a portion of its annual budget specifically for cybersecurity initiatives, including funding for training, infrastructure development, and research. This is the practice in the USA and the UK, where cybersecurity is funded through federal budgetary allocations.

Private sector contributions: The private sector, including businesses and industry associations, could voluntarily contribute funds to support cybersecurity efforts. This could be through direct financial contributions or through partnerships with government agencies to sponsor cybersecurity programmes.

Tax incentives for cybersecurity investments: The government could provide tax incentives or deductions to businesses that invest in cybersecurity measures. This could encourage businesses to allocate more resources to cybersecurity and contribute indirectly to funding cybersecurity initiatives.

International grants and funding programmes: Nigeria could seek financial assistance from international organisations, such as the World Bank or the United Nations, to fund cybersecurity projects and capacity-building initiatives. For example, Australia provides funding for cybersecurity research and education programmes through established grant programmes such as the Cybersecurity Cooperative Research Centre (CSCRC). could be used to support various aspects of cybersecurity, including training programmes, infrastructure development, and policy implementation.

Public-Private Partnerships (PPP): The government could establish partnerships with private sector organisations to jointly fund cybersecurity initiatives. PPPs can leverage the expertise and resources of both the public and private sectors to address cybersecurity challenges more effectively. This is the practice in Singapore and Germany.

Cybersecurity Insurance: Encouraging the adoption of cybersecurity insurance among businesses could provide an alternative source of funding for cybersecurity initiatives. Insurance premiums paid by businesses could contribute to a pooled fund dedicated to cybersecurity efforts, such as incident response and recovery programs. Japanese companies are increasingly investing in such insurance to protect themselves against cyber threats.

About the authors:

Obidike Okafor is a senior research and data analyst at BusinessDay Intelligence. He has years of experience in journalism and research across various industries.

Fashola Olanrewaju, a junior research and data analyst at BusinessDay Intelligence, possesses a strong background in conducting financial evaluations and economic analysis.

For enquiries: Nike Alao- Chief Research Officer (+2348034856676)

Exit mobile version