CYBER FRAUD and CORPORATE LIABILITY

Cyber Fraud & Corporate Liability: When Employees Become the Weakest Link

by Princess Oriarebun

With businesses relying heavily on digital systems, cyber-fraud is a growing concern. For corporate law firms, a major challenge is when employees, whether through carelessness or wrongdoing, cause security breaches. In Nigeria, laws are changing rapidly, and companies need to know how to prevent employee-based cyber-fraud and limit their legal liability.

Nigeria’s main law on cyber‑fraud is the Cybercrimes (Prohibition, Prevention etc.) Act 2015, which criminalizes unauthorized access to computer systems, data interference, identity theft and related offences. In February 2024, the law was amended to broaden offences, increase penalties, and tighten organisational obligations.

Generally, companies face risks and can be held liable if senior officers engage in wrongdoing or if employees commit offences while acting within the scope of their work. Here are the key points for companies to be aware of:

  • Organisations must implement safeguards to prevent unauthorised access and data interference.
  • The law applies to everyone, including companies.
  • Penalties include 5 to 7 years imprisonment and fines.
  • The Nigeria Data Protection Act 2023 also requires data controllers to protect data and report breaches.

Employees can be the main entry point for cyber‑fraud through misuse of access, phishing, policy violations, or collusion with outsiders. Companies manage these risks through monitoring, incident reporting, internal controls, vendor oversight, and governance.

Case Study – MTN Nigeria Hack 

In 2024, two students were arraigned in Lagos for hacking into MTN Nigeria’s systems and stealing approximately ₦1.9 billion worth of airtime and data. They were charged with unauthorised computer access and data interference under Nigerian cybercrime laws.

Key Lessons:

  • Access by employees or outsiders can result in significant financial losses for companies.
  • Strong internal controls, monitoring systems, and governance are essential to prevent and mitigate such incidents.
  • Even without direct corporate prosecution, such incidents highlight potential corporate liability risks and the importance of robust cyber-risk management strategies.

In conclusion, managing cyber fraud and corporate liability starts with recognizing employees as a potential weak link. Strong governance, quick response to incidents, regular audits, and legal guidance on training and contracts help organizations stay resilient against evolving cyber threats.

References 

Cybercrime Act 2015, ICLG – Cybersecurity Laws in Nigeria, Nigeria Data Protection Act 2023, MTN Student Hack Case – The Nation.