Why Nigeria Is One of Africa’s Top Cybercrime Targets
Nigeria ranked among the most targeted countries for cyberattacks in Africa in November 2025, as rapid digital expansion continued to outpace cybersecurity readiness, according to a new Global Threat Intelligence report by Check Point Research.
The report found that organisations operating in Nigeria faced an average of 3,374 cyberattacks per week during the month. This placed the country second among the four African nations analysed, behind Angola, which recorded 4,251 weekly attacks per organisation. Kenya followed with 2,384 attacks, while South Africa recorded 1,863.
The findings highlight Nigeria’s growing exposure to cyber risks at a time when digital services are expanding rapidly across banking, education, government, and commerce. They also come despite a 13% year-on-year decline in cyberattacks across Africa as a whole, showing that Nigeria remains an outlier in the regional trend.
Globally, organisations faced an average of 2,003 cyberattacks per week in November. That figure marked a 3% increase from October and a 4% rise compared to the same period last year, underlining a steady escalation in cyber threats worldwide.
Digital growth brings new vulnerabilities
Nigeria’s position among Africa’s most targeted countries reflects the scale and speed of its digital transformation. Over the past decade, millions of Nigerians have moved online through fintech platforms, mobile banking, e-commerce, digital education, and government services.
These changes have driven financial inclusion and economic activity. They have also created a wider digital footprint that attackers can exploit.
Cybersecurity experts say the country’s rapid digitalisation has not been matched by equal investment in awareness, secure systems, and user education. As more people and businesses come online, attackers find more entry points.
“Our cybersecurity intelligence quotient is very low,” said Adewale Obadare, a digital trust expert in an interview. “We do not understand what needs to be done technically. We also do not understand the processes. The most dangerous part is the human element.”
According to Obadare, technology alone cannot protect systems when users lack basic understanding of cyber risks. He described human behaviour as the weakest link in cybersecurity, one that attackers exploit repeatedly.
Key sectors under pressure
The Check Point Research report identified government institutions, financial services firms, and companies in the consumer goods and services sector as the most targeted organisations across Africa in November.
In Nigeria, these sectors play a central role in daily life. Banks handle millions of transactions every day. Government agencies manage sensitive citizen data. Retail and service platforms rely heavily on uninterrupted digital access.
Globally, the education sector faced the highest volume of cyberattacks. Institutions recorded an average of 4,656 attacks per organisation per week, representing a seven per cent increase year-on-year. Government institutions followed with 2,716 weekly attacks, while associations and non-profit organisations experienced a sharp rise, reaching 2,550 attacks per week.
Universities and public institutions in Nigeria have increasingly become targets due to their large databases, limited security budgets, and open digital environments.
Ransomware tightens its grip worldwide
Ransomware remained one of the most damaging cyber threats globally in November, according to the report. There were 727 publicly reported ransomware incidents worldwide, marking a 22% year-on-year increase. North America accounted for 55% of reported cases, while Europe made up 18%.
Although Africa recorded fewer publicly disclosed cases, experts say ransomware continues to affect emerging markets, where incidents are often underreported.
Industrial manufacturing, business services, and consumer goods and services were the most affected industries globally. The most active ransomware groups during the month were Qilin, Clop, and Akira, which together accounted for a large share of victim disclosures.
While Africa experienced an overall decline in attack volumes, North America recorded a nine per cent increase, driven partly by intensified ransomware activity. Europe saw a slight decrease, while the Asia-Pacific region remained relatively stable.
The human cost behind the numbers
Cybercrime is not only a technical problem. It is also a deeply human one. Psychologists say cybercriminals succeed by understanding how people think, feel, and react under pressure. Messages are crafted to trigger urgency, excitement, or fear.
“All those cyber guys try to paint a big picture of what is desirable to you,” said Jeph Oluwagbemiga, a psychologist. “At that moment, you are not thinking properly. Later, you read it again and wonder how you clicked.”
Many victims only realise they have been scammed after money has been lost or personal data has been exposed. The emotional impact often includes shame, confusion, and regret, which can prevent reporting and delay response.
Weak applications and data exposure
Cybersecurity experts also point to insecure digital infrastructure as a major contributor to Nigeria’s risk exposure.
“There is a very high number of insecure applications collecting our data,” said Confidence Staveley, a cybersecurity expert. “The APIs powering many fintech and e-commerce applications are not secure.”
As more apps collect personal and financial data, weaknesses in design, testing, and protection make breaches more likely. Poor encryption, weak access controls, and outdated systems give attackers easy entry points.
The growing reliance on digital platforms means that a single vulnerability can expose thousands, or even millions, of users.
New risks from generative AI tools
Beyond traditional cyber threats, the report highlighted growing risks linked to the enterprise use of Generative Artificial Intelligence tools. According to Check Point Research, one in every 35 GenAI prompts submitted from enterprise networks globally in November posed a high risk of sensitive data leakage.
The report found that 87% of organisations that regularly use GenAI tools were affected by high-risk prompts. An additional 22% of prompts contained potentially sensitive information such as internal communications, customer data, proprietary code, or personal identifiers.
Organisations now use an average of 11 different GenAI tools each month. Many operate outside formal security governance frameworks, increasing the likelihood of accidental exposure.
Why Nigeria remains a prime target
Nigeria’s position as one of Africa’s most targeted countries for cyberattacks reflects a combination of rapid digital growth and weak cybersecurity maturity.
Over the past decade, a large chunk of Nigeria’s population has moved online through mobile banking, fintech apps, e-commerce platforms, digital education services, and government portals. This expansion has created a large and diverse digital footprint, giving cybercriminals more systems, users, and data to target at scale.
While digital access has grown quickly, cybersecurity awareness among users has lagged behind. Many individuals and small businesses lack basic knowledge of online safety, making them vulnerable to phishing messages, fake investment schemes, SIM swap fraud, and social engineering attacks. In many cases, victims do not fully understand how their data is used or how breaches occur.
Attackers have also become more sophisticated. The use of artificial intelligence has enabled cybercriminals to automate phishing campaigns, personalise scams, and increase success rates. These AI-driven threats allow attackers to reach thousands of victims at once, often bypassing traditional security filters.
Weak application security further worsens the problem. Many fintech and e-commerce platforms collect large volumes of sensitive data but rely on insecure application programming interfaces and limited security testing. These weaknesses create easy entry points for attackers seeking financial gain or valuable data.
Experts also point to the human factor as a critical vulnerability. Cybercriminals exploit fear, urgency, and financial pressure, manipulating users into making poor decisions that bypass technical defences.
Economic challenges add another layer of risk. High unemployment and poverty, and corruption can push some individuals toward cybercrime.
A growing sense of urgency
The scale and speed of cyberattacks facing Nigeria have created a growing sense of urgency among experts, businesses, and policymakers, who warn that delaying action will only deepen financial losses and erode public trust in digital systems.
Experts say the first line of defence must start with individuals and organisations. Basic cyber hygiene remains one of the most effective tools against attacks. This includes using strong and unique passwords, enabling multi-factor authentication, keeping software updated, and thinking carefully before clicking on links or opening attachments.
Organisations are also being urged to strengthen digital security at the technical level. This means encrypting sensitive data, securing endpoints such as laptops and mobile phones, deploying firewalls and antivirus tools, and backing up critical information regularly.
Financial platforms, in particular, must protect personal details such as PINs and card information to reduce fraud and identity theft.
Awareness remains a critical gap. Cybercriminals often rely on urgency, fear, or reward to pressure victims into making mistakes. Experts advise avoiding public Wi-Fi for sensitive transactions, downloading apps only from trusted sources, and questioning unexpected messages that demand immediate action.
At the national level, analysts say the government must move faster to strengthen the country’s cyber defences. This includes fully enforcing the Cybercrimes Act 2015 and the Nigerian Data Protection Act, while investing in modern tools such as artificial intelligence and machine learning to detect threats early.
Expanding national intelligence databases, strengthening Computer Emergency Response Teams, and funding initiatives like the National Cybersecurity Fund are seen as critical steps.
Stronger collaboration between government, regulators, and the private sector, including banks and telecom firms, could also help close security gaps and reduce Nigeria’s growing exposure to cybercrime.
