21st Century Crime Control: An Analysis Of The Socioeconomic Relevance Of The Cybercrimes (Prohibition And Prevention) Act, 2015.



The world has witnessed and is still witnessing a fast-paced advancement in technology. This advancement is global and Nigeria, as a third-world country, is not an exception from this advancement. The world has been taken over by Information and Communication Technology (ICT). From the analog era, we have evolved into a technology-driven age.

ICT has become the new normal. The resultant effect of this advancement is that physical transactions have been replaced by virtual operations. We now leverage on the enormous opportunities that ICT has presented to us. Business transactions have been negotiated and executed virtually with the help of ICT.

Data, information, documents have equally been stored and shared with the help of the advancement in technology. Numerous as the merits of technology may be, there have also been given to crime in the cyberspace. Users of the cyberspace fall prey to cybercriminals who intentionally defraud and illegally access people’s data with fraudulent intentions.

Most of these cybercrimes result in economics lost to the innocent victims. The Cybercrimes (Prohibition and Prevention) Act, 2015 was enacted to serve as the regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria.[1] So far, the Act has been an effective instrument of cybercrime control; it is the socioeconomic relevance of the Act that this article wishes to analyze.

Keywords: ICT, Cybercrime, cyberspace, Socioeconomic.



Our 21st century society has witnessed an upsurge in Information and Communication Technology. In Nigeria, many economic and social activities have taken to the use of the Internet. In the midst of these socioeconomic activities on the cyberspace, cyber crime has equally found its way into the picture.

As a result of these criminal activities, the rights of law-abiding persons have been infringed upon either through identity theft, fraud or unauthorized access into their data storage.

The increase in cybercrime such as hacking, phishing, intellectual property infringements, credit cards theft, cyberterrorism etc., is owing to the anonymity which an offender can maintain while committing online crimes and the ease of flow of information through networks.[2]

This unprecedented upsurge in cybercrime has propelled many jurisdictions to establish laws to regulate, prevent, and prohibit cybercrime. Nigeria has not allowed itself to be left behind in this battle, as the Cybercrime Prohibition and Prevention Act was enacted in 2015 to serve as a regulatory law for cyber operations.

Prior to the enactment of this Act, there was no uniform law to regulate cyber operations. Different laws were used, such as the Advance Fee Fraud and other related offenses Act, 1995, Economic and financial crimes Act, 2004,[3]and Money laundering (Prohibition) Act, 2011 were used.

These laws were not uniform; the enactment of the cybercrime Act provided a uniform Law for the regulation of cyber operations. Going further, notice ought to be taken of the fact that cybercrime circumscribe criminal activities that involve computer systems and networks.

Consequently, the term cyber crime describes  every criminal activity from unauthorized access into a network that results in money loss to unlawful denial of service to a rightful user. These acts are perpetrated by way of illegal access into another user’s database, illegal interception, data interference, and system interference, misuse of devices, forgery and electronic scams.[4]

However, the enactment of the Act has foiled many cybercrimes, served as a remedy to victims who have suffered a loss of cybercrime. In this article, great effort will be made to analyze how relevant the Act has been to Nigeria socioeconomically. The analysis of the Act will be done in seriatim.


(1.) ICT: This is the acronym for Information and Communication Technology. It is an extensional term for information technology (IT) that stresses the role of unified communications and the integration of telecommunications (telephone lines and wireless signals) and computers, as well as necessary enterprise software, middleware, storage and audiovisual, that enable users to access, store, transmit, understand and manipulate information.

ICT is also used to refer to the convergence of audiovisual and telephone networks with computer networks through a single cabling or link system. There are large economic incentives to merge the telephone network with the computer network system using a single unified system of cabling, signal distribution, and management.

ICT is an umbrella term that includes any communication device, encompassing radio, television, cell phones, computer and network hardware, satellite systems and so on, as well as the various services and appliances with them, such as videoconferencing and distance learning. ICT also includes analog technology, such as paper communication, and any mode that transmits communication.[5]

(2.)Cybercrime: Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimesare carried out against computers or devices directly to damage or disable them.

Others use computers or networks to spread malware, illegal information, images or other materials. Some cybercriminals do both — i.e., target computers to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks. A primary effect of cybercrime is financial.

Cybercrime can include many types of profit-driven criminal activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal financial account, credit card or other payment card information.[6]

(3.)Cyberspace: Cyberspace refers to the virtual computer world, and more specifically, an electronic medium that is used to facilitate online communication. Cyberspace typically involves a large computer network made up of many worldwide computer subnetworks that employ TCP/IP protocol to aid in communication and data exchange activities. Cyberspace’s core feature is an interactive and virtual environment for a broad range of participants.[7]

(4.)Socioeconomic: Socioeconomic (also known as social economics) is the social science that studies how economic activity affects and is shaped by social processes. In general, it analyzes how modern societies progress, stagnate, or regress because of their local or regional economy, or the global economy. It also refers to the ways that social and economic factors influence the economy.[8]


This article will now meticulously elucidate the sections of the Act that are substantially related to crime control in the 21st century. This elucidation of the sections of the Acts will be done in seriatim.


Part Two of the Act contains Sections 3 and 4, which provide for the protection of critical National Information Infrastructure. Section 58 of the Act defines Critical Infrastructure as systems and assets which are so vital to the country that the destruction of such systems and assets would have an impact on the security, national economic security, and national public health and safety of the country.

The President of the Federal Republic of Nigeria under Section 3 is empowered on the recommendation of the National Security Adviser by order published in the Federal Gazette to designate computer systems as Critical National Information infrastructure.

The order made by the president would prescribe the minimum standards, guidelines and rules and procedure in respect of the Critical National Information Infrastructure. The aim of this Part is to protect Critical National Information Infrastructure from being tampered with by cybercriminals.


This Part contains Section 5 to Section 36 of the Act. This part contains offences punishable under the Act and penalties in respect of the offences. Section 5 of the Act prescribes the punishment for a person who commits an offence contrary to the critical national information infrastructure such person would be liable to 10 years imprisonment, if the act causes bodily harm to any person, then 15 years imprisonment, if the act causes death to another, the penalty will be life imprisonment.

Section 6 of the Act criminalizes unlawful access to a computer. Section  6 (1) provides that any person who, without authorization, intentionally accesses in whole or in part a computer system or network for fraudulent purposes and obtain data that are vital to national security commits an offence and would be liable to 5 years imprisonment or fine not less than N5,000,000 or both.

If the person has an intent to obtain computer data, the punishment is 7 years. Section 6 (4) protects computer which affect private and individual interest within or outside the Federation of Nigeria. This section makes the application of the Act extraterritorial. So that no matter where a person perpetrates cybercrime from,  it can’t prevent the person from being  punished.

Section 7 of the Act provides for registration of cybercafé. It provides that from the commencement of this Act, all operators of a cybercafé shall register as a business concern with the computer professional registration council in addition to a business name registration with the Corporate Affairs Commission.

This provision of the Act intends to achieve a comprehensive data of a cybercafé in operation to aid in tracing any form of cyber crime perpetuated for any cybercafé.

Cybercafés are also directed under Section 7 (1) to maintain a register of users through a sign-in register. The register shall be available to Law enforcement personnel whenever needed. This provision intends to give an easy way of investigating cybercrime.

Section 7 (2) provides that any person who perpetrates electronic fraud or online fraud using a cybercafé shall be guilty of an offence and shall be sentenced to three years imprisonment or a fine of one million naira or both.

Subsection 3 provides that if such a person connives with the owners of the cybercafé, the owners would be guilty of an offence and sentenced to three years imprisonment or a fine of one million naira. Section 7 (4) of the Act provides that the burden of proving connivance shall be on the prosecutor.

Section 8 criminalizes the use of any computer system by any person without lawful authority. Section 9 criminalizes the act of destroying or aborting electronic mails or processes in which money or valuable information is being conveyed. It limits the punishment to only when money or valuable information is being conveyed.

Section 10 of the Act criminalizes any act of an employee employed under any Local Government, private organization or financial institution with respect to working with any critical infrastructure or electronic mail and commits an act which is inconsistent with his contract of service or permits tampering with a computer.

This provision of the Act attempts to regulate employment relationships between an employer and employee, however, this regulation is only limited to employees working with any critical information. This provision is to keep employees in check to prevent them from engaging with information or data that is beyond their pay grade.

Section 11 of the Act criminalizes the act of any person in willful misdirection of electronic messages. Section 12 (1) criminalizes the Act of the unlawful interception of non-public transmissions of data. Subsection 2 criminalizes the act of any person who by false pretenses induces any local, State or federal government worker to deliver any electronic message to him which is not specifically meant for him. Subsection 3 criminalizes the act of any Government worker who hides or detains any electronic mail and delivers the same to a wrongful person.

Section 13 criminalizes the Act of computer related forgery, which includes knowingly accessing any computer or network with the intention that such inauthentic data would be considered.

Section 14 of the Act provides for computer related fraud. Section 14 (4) (a) of the Act provides that any person employed by or under the authority of any bank or other financial institutions who with intent to defraud, directly or indirectly, diverts electronic mails commits an offence and shall be liable on conviction to imprisonment.

Section 14 (4) (b) further provides that any person who commits an offence subject to Subsection (4) (a) which results in material and/or financial loss to the bank or financial institution or customer shall in addition to the term of imprisonment refund the stolen money or forfeit any property to which it has been converted to the bank, financial institution or the customer.

Section 15 of the Act criminalizes theft of electronic devices. It criminalizes the offence of stealing a financial institution or public infrastructure’s terminal, an Automated Teller Machine, and also criminalizes the act of attempted stealing of an Automated Teller Machine. Section 16 of the Act criminalizes the act of unauthorized modification of computer systems, network data and system interference.

Section 17 (1) (c) criminalizes the act of any person who forges another’s signature or a company’s mandate. Section 18 of the Act criminalizes cyberterrorism, it provides that any person that accesses or causes to be accessed any computer or computer system or network for purposes of terrorism, commits an offense and is liable on conviction to life imprisonment. The Act adopted the definition of Terrorism as provided under the Terrorism (Prevention) Act, 2011 (as amended).

Section 1 of the Terrorism (Prevention) Act 2011 defines an act of terrorism as an act which is deliberately done with malice and may seriously harm or damage a country or an international organization, The Amendment to the Act expanded the definition of terrorism to include the act of financing any terrorist group.

Section 19 of the Act imposes a duty on financial institutions to safeguard sensitive information of their customers and prohibits them from giving a single employee access to sensitive information.

Section 19 (3) provides that financial institutions must as a duty to their customers put in place effective counter-fraud measures to safeguard their sensitive information, where a security breach occurs the proof of negligence lies on the customer to prove the financial institution in question could have done more to safeguard its information integrity.

Section 20 criminalizes the act of any employee of a financial institution with the intent to defraud issues false electronic or verbal messages. Section 21 imposes a duty on anyone operating a computer system to notify the National Computer Emergency Response Team (CERT) of any attacks on intrusion on its computer.

This is one of the enforcement bodies created by the Act to enforce its provisions. Any person who fails to report such an incident shall be liable to pay a mandatory fine of N2, 000,000 million to the National Cyber security fund. This section imposes a duty on anyone to report any crime committed under the Act to the CERT, and failure to report the crime in itself constitutes a criminal offense and such a person will be liable to pay a fine.

Section 22 of the Act criminalizes identity theft and impersonation of any person who is engaged in the services of any financial institution. Section 23 (1) of the Act criminalizes the act of using child pornography on any computer system or network.

Section 23 (3) criminalizes the act of using any computer system or network for the purpose of meeting a child and engaging in sexual activities with the child. This brings into the ambit of using social media such as Facebook, Twitter, Instagram and the numerous social media platforms available today for the purpose of meeting a child and afterwards engages in sexual activities with the child.

The definition of computer system in the definition section is wide enough to cover portable hand set and other communication devices. The Act under Section 23 (5) defines who a child or minor is as a person below 18 years of age.

Section 24 of the Act deals with cyberstalking, it criminalizes the act of any person who sends another through a computer network offensive materials by means of a computer system or network.

Section 24 (3) of the Act empowers the court to make any order necessary for preventing any act of further harassment on the person concerned. Subsection 5 provides that the order may last for a specified period and the defendant may apply to the court to vary the order.

The court is also empowered to make an interim order for the protection of victims from further exposure to the alleged offenses. This is a laudable provision of the Act, as it provides not only for the punishment of the offender, but to protect the victim of the offense from further acts of cyberstalking from the offender.

Section 25 of the Act provides for cyber-squatting. This is a welcome development, as this section protects intellectual property rights on the internet and cyberspace. The practice of cyber-squatting generally refers to abusive domain name registration, offering for sale or using an internet domain name which incorporates someone else’s trademark, name or existing business or other company designation in order to block the domain, sell or license it with the intent of profiting from It.[9]

Section 25 (1) provides that any person who intentionally takes or makes use of any name, business name registered and owned by any individual, Government without authority or right commits an offense. In awarding a penalty against the offender, the court is to have regard for refusal by the offender to relinquish upon formal request by the rightful owners and an attempt by the offender to obtain compensation in any form for the release to the rightful owners for use of the name.[10]

In addition to the penalty, the court may also order that the offender relinquish such registered name, mark, trademark, domain name or other word or phrase to the rightful owner. This extends the protection of intellectual property from physical to the cyberspace.[11]

Section 26 of the Act criminalizes the act of using any computer system or network to promote racist and xenophobic attacks. The Act under Section 26 (1) (c) criminalizes the act of insulting publicly through a computer system or network persons for the reason that they belong to a group distinguished by race, color, etc.

Section 27 criminalizes the act of any person who attempts to commit an offense under the Act or aids and abets another in committing an offense; such person shall be liable to the same punishment as the principal offender.

Section 27 (2) criminalizes the act of any employee of a financial institution who is found to have connived with another person to perpetrate fraud, such person is liable to seven years imprisonment and to return the money converted to the Bank.

Section 28 of the Act criminalizes importation and fabrication of E-Tools. Such tools include any device, including a computer program or component, designed or adapted for the purpose of committing an offense under the Act.

Section 29 criminalizes the act of breach of confidence by service providers, where the computer-based service provider, with intent to defraud, illegally uses its customers’ security code with the intent to gain any financial or material gain.

The Act also provides that where a body corporate is convicted of an offense under the Act, the court may order that the body corporate shall thereupon and without any further assurances, but for such order, be wound up and all its assets and properties forfeited to the Federal Government.

Section 30 of the Act criminalizes the act of a person manipulating an ATM or point of sale terminals. Section 31 mandates every employee to surrender to its employer codes or access rights immediately they leave the employment of the employer, but this provision is without prejudice to any contractual agreement between the employer and the employee, upon refusal to do so it is deemed that the employee intends to hold such employer to ransom and such employee would be liable for an offense.

Section 32 of the Act criminalizes the offense of phishing and spamming and also spread of computer virus. Phishing is defined under the Act as the criminal and fraudulent process of attempting to acquire sensitive information, such as usernames and password.

Section 33 of the Act deals with electronic cards and related fraud. The section attempts to criminalize any act of tampering with any of the credit, debit, charge and other types of financial cards. The section criminalizes the act of stealing an electronic card.

Section 33(13) imposes a duty on financial institutions to make available to the Central Bank of Nigeria or a licensed credit bureau which seeks to determine only the cardholders rating without the permission of the cardholder but must within 7 working days give notice in writing of the disclosure to the cardholder failure to notify the card owner within the stated period, such financial institution commits an offense. Section 34 criminalizes the act of dealing with another person’s card.

Section 35 criminalizes act of selling by an unauthorized person of cards and purchase of such cards. Section 36 of the Act criminalizes the use of fraudulent device or attached emails to obtain information or details of a cardholder.


The enactment of the Cybercrime (Prohibition Prevention etc.) Act in Nigeria is a responsive and timely step towards efficiently tackling and controlling crimes in the 21st century, which is mainly cyber crimes. The Act extends full coverage to accommodate all forms of electronic based crimes.

As it has been extensively elucidated in this article, the many areas of cyber crimes and how the Act has provided regulatory laws to punish offenders. It is glaring that the enactment of this Act in Nigeria has provideded an adequate tool in crime control, and it equally gives socioeconomic relevance to the 21st century Nigeria cyber user.


[1] Section 1 Cybercrime (prohibition, prevention etc.,) Act, 2015


[2] Oke, Oluwakemi, An Appraisal of the Nigerian Cybercrime (Prohibition, prevention, etc.,) Act, 2015 (Sept 3, 2015) available at SSRN: http://ssrn.com/abstract = 2655593 accessed 21st May, 2022


[3] E1, Laws of the Federation of Nigeria, 2004

[4] John Baiden, Cybercrimes. Accessible at http://ssrn.com/abstract = 1873271 accessed 21st May, 2022

[5] Wikipedia at ICT en.m.wikipedia.org accessed 21st May, 2022

[6] Kate Brush, what is Cybercrime (2021) http://www.techtarget .com accessed 21st May, 2022

[7] Techopedia Cyberspace (2020) http://www.techopedia.com accessed 21st May, 2022

[8] Wikipedia, Socio economics (2020) http://www.wikipedia.org accessed 21st May, 2022

[9] Katarzyna Wisniewska, Cybersquatting and Resolving of Domain name Disputes in Poland. COFOLA 2011: the  Conference Proceedings, 1. Edition Brno: Masaryk University 2011.


[10] Section 25(2)(a)&(b)


[11] Section 25(3)


About the author:

Raphael Matthew Umanah is a 400l Law Student at the University of uyo.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like