FUNDING DIGITAL DEFENSE: THE IMPACT OF THE CYBERSECURITY LEVY ON NATIONAL SECURITY

The Central Bank of Nigeria (CBN) issued a circular on 6th May 2024, to various financial institutions, including commercial, merchant, non-interest, and payment service banks, stating that the cybersecurity levy must be implemented two weeks from 6th May 2024.

The circular stated that “Following the enactment of the Cybercrime (Prohibition, Prevention, etc.) (amendment) Act 2024 and under the provision of Section 44 (2)(a) of the Act, a levy of 0.5 per cent (0.005) equivalent to a half per cent of all electronic transactions value by the business specified in the Second Schedule of the Act, is to be remitted to the National Cybersecurity Fund which shall be administered by the Office of the National Security Adviser” For example, if someone plans to send ?20,000 to another person, 0.5% of that sum would be ?100.

The originator of the electronic transfer will cover the levy, which will be deducted by the financial institution. The deducted sum will appear in the customer’s account with the narration “Cybersecurity Levy.” Thereafter, financial institutions will remit the deducted levy to the National Cybersecurity Fund, administered by the Office of the National Security Adviser.

However, there are sixteen transactions that are not affected by this circular. They include:

• Loan disbursements and repayments
• Salary payments
• Intra-account transfers within the same bank or between different banks for the same customer
• Intra-bank transfers between customers of the same bank
• Interbank placements
• Banks’ transfers to CBN and vice-versa
• Inter-branch transfers within a bank
• Cheque clearing and settlements
• Letters of Credits
• Banks’ recapitalisation-related funding – only bulk funds movement from collection accounts
• Savings and deposits, including transactions involving long-term investments such as Treasury Bills, Bonds, and Commercial Papers
• Government Social Welfare Programmes transactions e.g. Pension payments
• Non-profit and charitable transactions, including donations to registered non-profit organisations or charities
• Educational institutions’ transactions, including tuition payments and other transactions involving schools, universities, or other educational institutions
• Transactions involving bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts
• Other Financial Institutions instructions to their correspondent banks.

Nationwide, Nigerians are expressing their dissatisfaction, pointing out that banking transactions are becoming more expensive due to numerous charges. The CEO of the Centre for the Promotion of Private Enterprise (CPPE), Dr. Muda Yusuf mentioned that the recently introduced cybersecurity levy and various taxes enforced by federal, state, and local governments in Nigeria are hindering businesses' ability to stimulate economic growth, resulting in job cuts and inflation nationwide.

The President of the Nigeria Labour Congress, Joe Ajaero, strongly criticized the directives of the Central Bank of Nigeria and urged for an immediate halt and reversal of the policy. He expressed that while the NLC acknowledges the significance of cybersecurity in the current digital era, implementing a levy on electronic transactions without assessing its impact on workers and vulnerable groups is unjustifiable. He emphasized that this levy adds another financial burden for Nigerians, imposing additional financial obligations. He characterized the levy as part of an effort by the ruling elite to further exploit workers and the general population, labeling it as excessive taxation and exploitation.

A cyber threat, also known as a cybersecurity threat, can be defined as a malicious act aimed at stealing or damaging data and disrupting the digital integrity and stability of an organization. These threats encompass a broad spectrum of attacks such as data breaches, computer viruses, denial of service, and other attack methods.

Cyber threats can arise from various sources, from hostile nation-states and terrorist groups to individual hackers, and even trusted insiders such as employees or contractors who misuse their privileges to carry out malicious activities. Cybercriminals and cyberattacks don't just target private individuals; they also pose threats to federal authorities, politicians, and businesses. Successful espionage attacks can lead to significant financial and economic damage.

Cybersecurity is used to prevent these cyber threats. It involves measures taken to protect computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. A well-implemented cybersecurity strategy can establish a robust security stance against malicious attacks aimed at compromising, modifying, erasing, damaging, or extorting an organization's or individual user's systems and confidential data.

As the use of computer data continues to grow, its significance in national security has also expanded, creating potential vulnerabilities. Therefore, safeguarding digitized national security information demands the implementation of appropriate measures to prevent and mitigate the consequences of cybercrime. Presently, cyber threats stand as one of the most significant economic and national security challenges encountered by nations. They have become a national security priority in numerous countries.

These days, alongside traditional warfare tactics, countries worldwide have started adopting cyberattacks as an effective war strategy. This is because cyberattacks possess the ability to inflict substantial damage on critical infrastructures crucial to a nation's security, potentially disrupting civilian daily routines and destabilizing the national economy. Therefore, governments across the world must utilize cutting-edge technologies to strengthen their defenses and efficiently address cyber incidents.

As countries confront the intricate landscape of national security amidst evolving cyber threats, the significance of advanced technologies cannot be overemphasized. Responsibly harnessing the capabilities of major tech players, instituting strong cybersecurity protocols, and promoting global collaboration are essential elements of a comprehensive strategy to safeguard the digital landscape. By embracing innovation while maintaining vigilance, nations can strengthen their defenses and stay ahead of the continuously evolving challenges presented by cyber threats.

POTENTIAL BENEFITS OF THE CYBERSECURITY LEVY

The aim of the cybersecurity levy is to improve cybersecurity measures and safeguard electronic transactions within the country by allocating resources for various purposes such as:

• Reinforcement of cybersecurity infrastructure in Nigeria: One of the primary functions of the funds received by the Government from the cybersecurity levy will be to enhance the cybersecurity infrastructure in Nigeria. This will involve modernizing technology, enhancing data security protocols, and investing in cyber defense tools across Government agencies such as Ministries, Departments, and Agencies.
• Promotion of Cybersecurity awareness: Another function of the funds received by the Government from the Cybersecurity levy will be to sensitize the public on how to identify cyber threats and the importance of cybersecurity. Educational initiatives and training courses can assist Nigerians in recognizing and mitigating cyber threats.
• Deterrent to Cybercriminals: A portion of the revenue generated from the levy can be designated for law enforcement agencies to investigate and prosecute cybercriminals. The allocation of resources dedicated to fighting cybercrime can deter potential attackers.

CHALLENGES AND CONCERNS REGARDING THE CYBERSECURITY LEVY

While there are potential advantages of the cybersecurity levy, there are challenges associated with the implementation timeline, compliance risks, and diplomatic discussions surrounding the cybersecurity levy. Some of these concerns and challenges are:

• The short timeframe for the implementation of the levy: The two-week window for implementing the cybersecurity levy places significant pressure on Nigerian authorities and impacted stakeholders, such as financial institutions and businesses. This narrow timeframe allows minimal opportunity for thorough preparation, testing, and communication regarding the levy's implications, potentially resulting in confusion and operational disruptions. The ensuing ripple effect or risk could be severe, potentially increasing cybersecurity issues.
• Transparency and Corruption concerns: Concerns regarding transparency arise regarding the allocation of levy funds, particularly given the ongoing challenge of corruption in Nigeria. It is essential to guarantee that the proceeds from the levy are utilized for cybersecurity initiatives and not diverted for alternative uses to preserve trust both domestically and internationally. Any suspicion of mishandling or misappropriation could erode confidence in the levy and Nigeria's cybersecurity endeavors.
• Compliance Errors: The complexity related to the classification of transactions and implementing exemptions increases the potential for compliance mistakes. Erroneously applying the levy to transactions that should be exempted, or vice versa, may lead to financial penalties, regulatory investigation, and harm to banks' reputations. This situation could also spark disagreements and misunderstandings with international partners. Likewise, delays or inaccuracies in transaction processing and uncertainty about levy application could weaken investor confidence and their views on Nigeria's financial regulations.
• Burden on businesses and consumers: The levy has the potential to raise the cost of electronic transactions for both consumers and businesses. Despite being a small percentage, it can accumulate over time, particularly for those who frequently use electronic payment systems. This increase may discourage the use of electronic transactions and impede efforts to promote financial inclusion.

CONCLUSION

In conclusion, while cybersecurity undeniably plays a crucial role in safeguarding national security, implementing a cybersecurity levy during such a delicate economic period may prove to be too burdensome. This levy could potentially dissuade individuals and businesses from engaging in electronic transactions, hindering economic growth and innovation. Therefore, it's essential to strike a balance between bolstering cybersecurity measures and ensuring a conducive environment for electronic transactions to thrive in the current economic climate.