Integrating Governance, AI Accountability, and Systemic Resilience: A Framework for Critical Infrastructure Protection in Nigeria

Abstract

The security and systemic resilience of critical infrastructure (CI) in developing economies, such as Nigeria, require executive-level governance akin to the NIS 2 Directive's mandates for management body oversight and direct liability (European Parliament & Council of the European Union, 2022). Nigeria's CI faces annual losses exceeding $1 billion from cyber incidents, underscoring the urgency for integrated frameworks (Central Bank of Nigeria, 2024). This governance mandate is necessary because current risk models are often inadequate for accurately assessing the probability and consequence of sophisticated hybrid attacks (NIST, 2008). This paper establishes a synthesized governance framework, leveraging Agency Theory to diagnose internal accountability failures within Nigerian CI organisations (Burch et al., 2024). The resulting model structurally integrates strategies for confronting two paramount systemic threats: complex vulnerabilities within the Artificial Intelligence (AI) supply chain (DHS, 2024; IBM, 2024) and the multiplying effects of the Cyber Climate Nexus (Guy Carpenter, 2025; UNDP, 2024). The prescribed five step model provides a practical and auditable blueprint for strengthening corporate accountability, institutionalising formal risk acceptance procedures, and transitioning from fragmented compliance to proactive, integrated operational resilience (CISA, 2024; Parlov et al., 2025).