Nigeria’s Cybersecurity Challenge Grows as Cybercriminals Target Digital Growth
What happened
Nigeria is facing a growing cybersecurity challenge as cybercriminals generate higher profits from increasingly sophisticated fraud schemes, even as the overall number of reported incidents declines. According to data cited by cybersecurity researchers, reported fraud cases in the country fell from approximately 124,000 in 2021 to 68,000 in 2025. However, the financial impact of these attacks has increased as criminals have focused on more valuable targets.
Nigeria’s rapid digital transformation has created new opportunities for businesses and consumers, but it has also attracted cybercriminal groups. According to Check Point Software, Nigerian organizations experienced an average of 4,361 attempted cyberattacks per week in June 2026, making the country one of the most targeted in Africa.
Hendrik de Bruin, head of security consulting in Africa at Check Point Software, described Nigeria’s attack levels as consistently elevated, with threat activity remaining well above the global average. He noted that attackers are increasingly focused on stealing credentials and gaining access to valuable systems rather than relying only on disruptive attacks.
The Nigerian government is working to strengthen national cybersecurity efforts through new frameworks focused on incident reporting, cybersecurity investment requirements, and greater collaboration between public and private organizations. Kashifu Inuwa, director general of the National Information Technology Development Agency (NITDA), said cybersecurity and cloud policies are key components of the country’s digital transformation plans.
Who is affected
Organizations across Nigeria’s financial, technology, and digital services sectors are facing increased risks from cybercrime. Digital payment providers, banks, and businesses handling customer information are particularly attractive targets because attackers can monetize stolen credentials, payment data, and account access.
Premier Oiwoh, managing director and chief executive of the Nigeria Inter-Bank Settlement System (NIBSS), warned that insider threats are contributing to larger financial losses. He highlighted risks including SIM swap fraud, account compromise, phishing, and malicious or accidental insider activity.
Smaller organizations are also vulnerable due to limited cybersecurity resources and insufficient employee training. Anna Collard, chief information security officer adviser for Africa at KnowBe4, emphasized that many businesses lack the security awareness programs needed to reduce human-driven risks.
Why CISOs should care
Nigeria’s cybersecurity trends reflect a broader global challenge: attackers are increasingly targeting identities, credentials, and business processes rather than simply attempting to disrupt systems.
For CISOs, the rise in profitable cybercrime highlights the importance of strengthening identity security, improving employee awareness, and ensuring effective incident reporting processes. Organizations that rely on digital payments, cloud services, and customer data must assume that attackers will continue looking for ways to exploit weak controls.
The gap between cybersecurity regulations and enforcement also demonstrates why companies cannot rely solely on government protections. Security leaders must build internal resilience through proactive monitoring, response planning, and continuous education.
3 practical actions
Strengthen identity protection: Implement stronger authentication controls, monitor credential misuse, and reduce opportunities for account compromise.
Improve employee security training: Regularly educate employees on phishing, social engineering, and fraud prevention to strengthen the human layer of defense.
Prepare for faster incident response: Establish clear reporting procedures, test response plans, and ensure teams can quickly identify and contain security incidents.


