MTN, Airtel, Globacom and others ordered to notify NCC of cyber threats within 4hrs

The Nigerian Communications Commission (NCC) has directed all telecommunications companies (telcos) to notify the regulator within four hours of detecting any cyberattack. This is contained in the NCC’s newly released Cyber Resilience Framework for Nigeria Communication Sector (CRF-NCS), dated February 2026.

According to the document, the rule, effective from February 2027, forms part of the ongoing process to ensure national security and subscribers’ data protection. NCC noted that the framework aims to ensure a sector-specific approach to cybersecurity.

Aside from the 4-hour rule, telcos are expected to provide the NCC with a periodic update every 4 hours after detection and provide a confirmation report after 24 hours (1 day). Reports are meant to be made through a dedicated portal.

Telcos encounter cyberattacks, just like every other data-driven company. Threats that stem from a cyberattack on telcos involve data breach on subscribers’ information, attacks leading to system outage, targeted attacks and malware infections.

Providing more context, NCC noted that the approach enables service providers to effectively respond to, recover from and also learn from cybersecurity events, while strengthening sector-wide situational awareness to cyberattacks and protection of subscribers’ data. 

It added that the framework “aims to foster a unified and resilient cybersecurity stance while strengthening the protection of telecom infrastructure against cyberattacks.”

As part of the sector-wide move, telcos are directed to set up a Cyber Security Operations Centre (SOC) to monitor all forms of cyberattacks or malicious activities for prompt detection and reporting. This includes developing cybersecurity and internal cyber resilience structures to mitigate such threats.

In addition, operators are to appoint a cybersecurity role within their system, who works hand-in-hand with the NCC’s Computer Security Incident Response Team (NCC-CSIRT) for information sharing and collaboration.

Also Read: MTN, Airtel, Glo others must now inform subscribers of data breach within 48 hrs.

NCC’s clampdown on data breaches

The latest framework forms part of the regulator’s move to promote a safe communications environment in Nigeria. With the CRF-NCS, which will be effective one year from now, NCC wants to build a system where the operators identify and mitigate threats before having a critical impact on infrastructure and subscribers’ data.

The new framework is a testament to NCC’s drive to ensure data protection.

Recall that telcos are now directed to notify affected customers of any data breach within 48 hours of detecting such an attack. As contained in the revised Internet Code of Practice 2026, the rule is a necessary measure to protect customers’ data from unauthorised use, disclosure, access or breach.

Both regulations come at a time when privacy is becoming more compromised amid frequent breaches and illegal harvest of data ranging from biometric to national IDs, financial information, traffic and usage, and others. 

Regulations are necessary for the proper handling, consent, and regulatory compliance regarding sensitive data, ensuring it is only processed for legitimate purposes. 

The post MTN, Airtel, Globacom and others ordered to notify NCC of cyber threats within 4hrs first appeared on Technext.