Nigeria is experiencing over 4,000 cyberattacks every week, according to the Nigeria Data Protection Commission (NDPC). These attacks caused financial losses of about 12 billion naira in 2024. The country accounts for 45% of reported cybercrime incidents in Africa. Around 90% of Nigeria's data is hosted abroad, raising concerns about security and control. Stronger regulation, better infrastructure, and user awareness are urgently needed to reduce risks.
Nigeria's Growing Digital Exposure
Nigeria's digital economy is expanding quickly but carries major security gaps. NDPC chief executive Vincent Olatunji noted that while the global digital economy is expected to hit about 28 trillion dollars by 2026, Nigeria's sector, estimated at about 18.3 billion dollars, contributes nearly 20% to GDP. This growth produces huge volumes of sensitive data every day. Olatunji emphasized that data is no longer just an asset; it has become critical infrastructure, and systems protecting it must grow at the same pace.
Cyberattacks Happening Constantly
Nigeria is now considered one of Africa's most targeted cybercrime environments. Attacks include phishing, ransomware, identity theft, business email compromise, and DDoS attacks targeting banks, telecoms, and government platforms. Olatunji warned that cyberattacks are now occurring every 39 seconds globally, and no economy dependent on digital infrastructure can afford to ignore this reality.
Heavy Reliance on Foreign Data Storage
A major concern is where Nigeria's data is stored. About 90% of national data is hosted outside Africa, leading to an estimated 850 million dollars annual spend on foreign cloud infrastructure. Experts say this raises issues around control, security, and national data ownership. Olatunji stated that data sovereignty is not optional; it determines who controls national information, who profits from it, and how secure citizens are in the digital space.
Infrastructure Still Catching Up
Nigeria currently has around 26 data centres with a combined capacity of 136.7 megawatts, projected to rise to 279.4 megawatts by 2030. Operators include Africa Data Centres, Rack Centre, MDXi (Equinix), and MTN Nxtra. But regulators say this is still not enough for growing technologies like AI, cloud computing, and IoT systems. Under the Nigeria Data Protection Act (NDPA) 2023 and GAID 2025 framework, stricter rules now apply, including breach reporting within 72 hours and mandatory audits for data handlers.
Regulation Is Necessary, Not Optional
Cybersecurity expert Peter Obadare says Nigeria's rapid digital adoption is also increasing exposure to attacks. He noted that when we talk about regulation, innovators think it is too much, but in cybersecurity, regulation is not excessive; it is necessary. He added that many breaches happen not because hackers are too advanced, but because systems are poorly secured or poorly designed.
What Nigerians Can Do to Protect Their Data
Beyond government policy, cybersecurity experts urge Nigerians to adopt simple habits to stay safe online. While regulators and companies work on infrastructure, individuals also have a big role to play. A lot of attacks actually start with simple human mistakes, not complex hacking. Here are practical steps Nigerians can take:
- Use strong, unique passwords: Avoid using the same password across banking apps, email, and social media. A password manager can help if it is too much to track manually.
- Turn on two-factor authentication (2FA): This adds an extra layer of security, especially for email, banking apps, and social platforms. Even if someone gets your password, they still cannot easily log in.
- Be careful with suspicious links and messages: Most phishing attacks come through SMS, WhatsApp, or email pretending to be banks, delivery services, or government agencies. If it looks urgent or too good to be true, it probably is.
- Keep apps and devices updated: Updates often include security fixes that block known vulnerabilities. Ignoring them leaves devices exposed.
- Avoid public Wi-Fi for sensitive transactions: Free Wi-Fi in public places can be unsafe for banking or logging into important accounts.
- Limit personal information online: The more details shared publicly on social media, the easier it is for scammers to guess passwords or craft targeted scams.
Nigeria's digital growth is not slowing down, but neither are cyber threats. Experts say the balance now depends on stronger systems, smarter regulation, and more informed users. In simple terms, security is no longer just the job of banks and government; it is something every user has to take seriously too.
