A ‘Cybersecurity Levy’, which was due to be applied to transactions by the Central Bank of Nigeria (CBN) in order to raise funds for national campaigns has been temporarily suspended.

In a statement, the CBN said the Levy was being withdrawn after the Federal Executive Council (FEC) decided to suspend the levy last week as it has generated public outcry.

If approved, the Levy would have seen 0.5% of a transaction sent to the Nigerian cybersecurity council to fund campaigns and computer emergency readiness teams (CERTs).

Created Controversy

The Levy was due to come into force this month, with the CBN previously issuing an instruction to various financial institutions - including commercial, merchant, non-interest, and payment service banks - that the Levy was to be applied at the point of electronic transfer origination, then deducted by the financial institution.

However the directive sparked a nationwide outcry from the Nigerian public, according to media reports, who were dissatisfied that banking transactions are becoming increasingly costly due to these changes.

Other media reports said that the Levy was withdrawn due to it being ‘ambiguous’, and the House of Representatives saying the CBN should withdraw the original circular and “issue a more understandable one.”

When it was proposed that the Levy would be imposed on Nigerian citizens, Peter Obi, Presidential candidate of the Labour Party in the last general election, said the Levy was exploiting a “dying economy” and burdening struggling Nigerians.

Also, the Nigerian Association of Chambers of Commerce, Industry, Mines, and Agriculture (NACCIMA) asked the CBN to cap the levy at a maximum amount of N500 (£0.26).

With over N600 trillion (£321 million) recorded in e-payments last year, a 0.5% cut would be significant.

Dr Abdulrazaq Fagge, economics teacher at Yusuf Maitama University, told the BBC that if you transfer a million naira, “five thousand naira gets deducted as cybersecurity levy, which is not fair to ordinary persons."

Funding the Strategy

Speaking to SC UK, Dr Jimson Olufuye, principal consultant at Kontemporary Konsulting and a former chair of the Africa ICT Alliance, says the Levy was initially introduced after a national programme for cybersecurity was put in place in 2015, but that was never implemented until the current government came into power.

“The current advisor needed funding to carry out the cyber policy and strategy and there was no money and they needed to get funding,” he says. “Also they needed to create a cybersecurity agency, and need to engage in awareness and create campaigns.” 

Olufuye confirms that the 0.5% levy will only apply to specific transactions and from these entities:

• GSM service providers and all telecommunication companies

• Internet service providers

• Banks and other financial institutions

• Insurance companies

  • Nigerian Stock Exchange

“These entities declare a lot of profit every year, and are under attack in Nigeria and compared to others, we pay low VAT,” he says.” However he understands why businesses were quite upset about the charges, and calls the communications around the Levy “faulty and in bad taste.”

However he believes that while bad communication killed the Levy, it will come back in a new form. “No one liked it and only those people who were involved in the national cybersecurity council were pushing it: no one was happy with it as it was expensive and it didn’t go down well.”

The law has been passed though, and Olufuye says the next step will be to rewrite it and the Levy will be adopted. Will this be embraced with better communications though? Olufuye says that some people in the country are still concerned that the money collected by the Levy will be misappropriated.

This effort is certainly an unusual way to raise funding, although maybe the need for better campaign and awareness is being exemplified by how badly this Levy rollout has been done.

Perhaps if there were more emphasis on how secure the nation would be as a result of a national cybersecurity programme being rolled out, this cost would be understood. At the moment though, it appears more like an extra charge on the public.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.