AS Nigeria races deeper into the digital era, with millions relying daily on online banking, mobile payments, fintech platforms, cloud services, business registration portals, streaming applications and social media networks, an unsettling threat is quietly growing beneath the surface of the country’s technological expansion. What was once celebrated as a rapid digital revolution is increasingly becoming a battlefield for cybercriminals targeting sensitive personal, financial and institutional data.
In recent weeks, a string of cyber-related incidents involving some of Nigeria’s most critical institutions has intensified concerns over the country’s fragile cybersecurity architecture. From allegations of data breaches affecting major financial and regulatory organisations to fresh warnings from top government agencies over hacking attempts and fraudulent online activities, the developments have exposed worrying cracks in Nigeria’s ability to safeguard sensitive information in an increasingly interconnected society.
The warning signs are becoming impossible to ignore. As internet penetration deepens and billions of gigabytes of data flow daily across Nigeria’s digital ecosystem, experts fear that weak enforcement, poor cybersecurity culture and inadequate protection systems may be leaving millions of Nigerians vulnerable to fraud, identity theft and other emerging cyber threats.
In this weekend feature, News Point Nigeria examines Nigeria’s growing cybersecurity crisis, the rising wave of digital attacks targeting institutions and citizens, the dangerous gaps within the country’s data protection framework, and how unchecked cyber vulnerabilities could ultimately affect millions of homes, businesses and the nation’s digital future.
Two weeks ago, the Corporate Affairs Commission disclosed that it was reviewing a cybersecurity incident involving unauthorised access to certain aspects of its information systems, triggering widespread concern among stakeholders over data protection and digital security.
In a statement sent to News Point Nigeria late on a Wednesday evening, the commission attempted to calm public anxiety by clarifying that the breach affected only “limited aspects” of its systems.
“The Corporate Affairs Commission (CAC) is currently reviewing a cybersecurity incident involving unauthorised access to limited aspects of its information systems,” the statement read.
The commission explained that it immediately activated its internal response mechanisms upon discovering the intrusion and had commenced collaboration with the National Information Technology Development Agency and other relevant government institutions and partners to determine the full extent and implications of the attack.
According to the CAC, containment measures had already been deployed, while additional safeguards were introduced to strengthen system protection and prevent further vulnerabilities.
Even as investigations continued, the commission urged users of its online portal to take precautionary measures by updating passwords, monitoring their records closely and remaining vigilant against suspicious messages or unsolicited communications. The commission further assured stakeholders that it remained committed to safeguarding the integrity of its database and would continue providing updates as more details emerged.
However, the CAC incident was not isolated.
Barely days later, the Central Bank of Nigeria issued another public warning over rising cyber threats targeting Nigerians.
News Point Nigeria reported that the apex bank disclosed that cybercriminals were circulating fake emails and fraudulent online messages falsely claiming to originate from the bank in attempts to gain access to personal accounts and sensitive information.
In a statement signed by the Acting Director of Corporate Communications, Hakama Sidi Ali, the CBN warned Nigerians to remain vigilant against deceptive communications carefully designed to trick unsuspecting users.
According to the bank, the fraudulent messages often contained suspicious links and false information concerning the bank’s leadership, licensing processes and policy decisions.
“The official website of the Central Bank of Nigeria remains www.cbn.gov.ng. Members of the public are strongly advised to refrain from clicking links or sharing personal information on suspicious websites,” the statement read. “Verify the authenticity of all CBN communications through the official website and recognised media outlets.
“Report any suspected fraudulent site, email, or message to law enforcement authorities.”
The apex bank reiterated that it was strengthening cybersecurity frameworks in collaboration with relevant agencies to safeguard the integrity of Nigeria’s financial system.
The warnings from both institutions came amid rising anxiety over the frequency of cyber incidents targeting Nigeria’s public and financial sectors.
Before the CAC breach became public, the Nigeria Data Protection Commission had already launched investigations into an alleged data breach involving Remita Payment Services Limited, Sterling Bank and other entities.
For cybersecurity experts, the pattern is deeply troubling.
One of those raising alarm is Wale Adewale Edun, a senior information security consultant with more than three decades of experience in cybersecurity, data protection and corporate governance.
Speaking in an interview, Edun warned that incidents of data breaches across Nigeria’s institutions are exposing dangerous weaknesses within the country’s digital protection systems. “In recent months, there has been a surge in attacks on Nigerian organisations,” he said.
“These actors are not just targeting one sector. They are going after government agencies, financial institutions, telecoms companies and private organisations.”
According to him, one of the most worrying aspects of Nigeria’s cybersecurity environment is the culture of secrecy surrounding breaches.
“Very few of these breaches are properly reported,” he said. “And when they happen, the public is often left in the dark.”
Edun explained that while cyberattacks are now a global challenge, Nigeria’s situation has become especially concerning because of weak enforcement mechanisms and the scale of potential exposure.
“The global environment today shows that access to data is a major tool in modern conflict,” he warned.
“When sensitive personal and institutional data is exposed, it creates vulnerabilities that go far beyond the individual.”
The implications, he stressed, extend beyond financial fraud.
Personal identifiable information including names, dates of birth, addresses, financial records and phone numbers can be weaponised for identity theft, blackmail, cybercrime and broader security threats.
And with Nigeria’s digital adoption growing rapidly across sectors such as banking, telecommunications and government services, the volume of sensitive data circulating daily has expanded dramatically.
Edun believes many Nigerians may already be vulnerable without fully understanding the risks. “If critical data from institutions is compromised, the damage is not limited to those organisations,” he said. “It affects everyone connected to them.”
Yet despite these dangers, many organisations continue to advertise themselves as compliant with global data protection standards. For Edun, however, there is a dangerous difference between appearing compliant and actually being secure.
“There is a difference between being compliant on paper and actually being secure,” he said.
According to him, many organisations treat cybersecurity as a mere “tick-box exercise”, focusing on obtaining certifications rather than building sustainable systems capable of resisting evolving threats. “An organisation can pass an external audit today and still be breached tomorrow,” he explained. “Certification does not guarantee security.”
He noted that external audits are often announced in advance, allowing organisations to temporarily prepare ideal conditions for inspectors. “The auditor sees what the organisation wants them to see,” he said. “That does not mean the systems are secure at all times.” This disconnect between compliance and actual operational readiness, he argued, is one of the most dangerous weaknesses within Nigeria’s digital ecosystem.
Ironically, Nigeria already possesses laws and regulatory structures designed to protect citizens’ data. The country has the Nigeria Data Protection Act and institutions such as the NDPC overseeing compliance. But according to Edun, the real challenge is not the absence of regulations. “The regulation is there,” he said. “What is missing is enforcement.”
He criticised what he described as delayed investigations and the absence of visible sanctions against organisations that fail to protect user data adequately. “With the number of incidents we have seen, there should have been clear outcomes by now,” he said. “Investigations should be concluded, findings published and penalties applied where necessary.”
Another major concern, according to Edun, is Nigeria’s poor culture of disclosure after cyber incidents occur. Under existing regulations, organisations are expected to inform both regulators and affected users whenever breaches occur. But Edun said this rarely happens.
“Customers are supposed to be informed if their data is compromised,” he said. “But in Nigeria, that almost never happens.”
As Nigeria pushes aggressively towards a digital economy, the stakes are becoming higher.
From mobile banking and fintech platforms to business registration systems and telecommunications networks, enormous volumes of sensitive information are now stored digitally every day.
The urgency of the conversation becomes even more significant when viewed against Nigeria’s exploding internet usage figures.
According to data from the Nigerian Communications Commission, Nigerians consumed more than four billion gigabytes of internet data in the first quarter of 2026 alone.
Total data consumption reached 4.06 million terabytes between January and March, surpassing the previous quarterly record of 3.86 million terabytes recorded in late 2025. March alone accounted for 1.42 million terabytes, making it the busiest month ever recorded.
Internet subscribers also rose by more than 650,000, reaching 153.82 million by March, while total telecom users climbed to 185.7 million. The surge reflects Nigeria’s growing reliance on streaming services, mobile banking, online learning, social media and digital commerce. To sustain this growth, telecom operators have embarked on massive infrastructure investments.
MTN Nigeria reportedly invested around N1 trillion in network upgrades last year, while Airtel Nigeria committed hundreds of millions of dollars towards expanding infrastructure. Globacom also expanded its fibre network footprint nationwide.
According to the Executive Vice Chairman of the NCC, Aminu Maida, more than $1 billion will be invested in telecom infrastructure this year alone.
He explained that the sector is beginning to recover from years of underinvestment that contributed to current network congestion and service quality issues.
While 2G and 3G networks continue losing relevance, 4G now accounts for nearly 54 percent of all connections, while 5G adoption is gradually rising in cities such as Lagos and Abuja.
Yet despite infrastructure improvements, Nigerians continue complaining about network congestion, poor service quality and inconsistent internet speeds.
Maida acknowledged that improving user experience remains challenging because rising data consumption often overtakes network upgrades.
“As network performance improves, users consume more data,” he explained, noting that high-bandwidth services such as video streaming and social media are placing enormous pressure on existing infrastructure.
According to him, sustainable improvement will require building excess capacity rather than merely responding to current demand.
Still, while the telecom sector races to meet Nigeria’s growing digital appetite, cybersecurity experts fear the country may be expanding its digital economy faster than it is securing it.
As Nigeria’s digital economy expands at breathtaking speed, the country now faces a defining question.
Can its institutions secure the vast ocean of personal and financial data flowing daily across networks, banks, telecoms systems and government databases?
Or will repeated breaches continue exposing millions of Nigerians to growing digital dangers in a rapidly evolving cyber battlefield?