Nigeria's digital landscape faced an unprecedented storm in the third quarter of 2025, with cyberattacks reaching record-breaking levels. A new security report has revealed a shocking escalation in data breaches targeting organisations across the country.
Unprecedented Surge in Digital Assaults
According to findings from essentry’s Eagle’s Eyes platform, Nigeria witnessed a dramatic spike in cyber incidents between July and September 2025. The data shows that cyberattacks jumped by a staggering 1,047 percent compared to the previous quarter. This period marked a defining moment in the scale and complexity of digital threats facing the nation.
On average, the country recorded more than 6,100 cyberattacks every week in July, a relentless pace that continued throughout the entire quarter. Sectors holding high-value data, particularly the fintech industry, found themselves squarely in the crosshairs of these sophisticated attacks.
Identity: The New Weakest Link
The report uncovered a critical shift in attacker tactics. Instead of exploiting software vulnerabilities, intruders are now predominantly using valid login credentials to breach corporate networks. These credentials are often harvested from old data leaks or belong to former employees whose access was never properly revoked.
Digital forensics experts found multiple cases where dormant service accounts, outdated identity tokens, and forgotten login rights created easy entry points. Once inside, attackers blended into normal user activity, established persistence, and prepared for large-scale data extraction without raising immediate alarms.
Gbolabo Awelewa, essentry’s Chief Business Officer, noted that the threat environment now reflects organised, identity-driven campaigns rather than random cybercrime. He explained that this shift signals a new, more challenging stage for Nigeria's cybersecurity defences.
A Global Trend with Local Intensity
While identity-focused attacks are rising worldwide, the report indicates Nigeria experienced this change with unusual force. The nation's rapid digitisation, combined with gaps in access control and inconsistent employee off-boarding processes, created perfect conditions for attackers to exploit.
This alarming trend is part of a broader pattern of financial system fraud. In a related development, Access Bank reported a massive ₦1.64 billion ($1.13 million) loss to fraud in the first half of 2025, a sharp 254% increase from the previous year.
In response to the rising fraud, the Central Bank of Nigeria (CBN) has introduced a new framework forcing banks and fintechs to handle complaints faster. The draft guideline mandates that customers report suspected fraud within 72 hours, while financial institutions have a 16-working-day window to investigate and refund victims.
The Path Forward for Nigerian Cybersecurity
The report forecasts that identity-based intrusions will dominate Nigeria's cyber threat landscape in the coming year. It urges organisations to urgently re-examine their security frameworks, improve ongoing identity monitoring, and adopt tools that can detect suspicious credential use before major disruption occurs.
The conclusion is clear: Nigeria's cyber resilience now depends on how quickly institutions acknowledge that identity has become the new security perimeter. Strengthening oversight of identity systems is no longer optional but a critical necessity to match the scale of the evolving threat.
