Nigerian businesses are now operating in one of the most hostile cyber environments on the continent, as new research shows the country recording the highest volume of cyberattacks in Africa. 

The African Perspectives on Cyber Security Report 2025 by Check Point Software Technologies reveals that organisations in Nigeria face an average of 4,200 attempted cyber intrusions every week, far exceeding the continental average of 3,153 and standing about 60 percent higher than the global weekly figure of 1,963 attacks per organisation.

The sharp escalation reflects a broader rise in digital crime across Africa, fuelled largely by the growing use of artificial intelligence by cybercriminal networks. According to Check Point, attackers now rely on automated tools to scale phishing schemes, impersonation campaigns, and cloud-based breaches, increasing both the frequency and sophistication of attacks.

Kingsley Oseghale, Country Manager for West Africa at Check Point, said artificial intelligence has effectively become part of the modern threat landscape. “AI has become part of the attack surface,” Oseghale said. “Attackers are using it to automate phishing and identity theft at scale. The only effective response is prevention-first security that combines visibility, governance, and AI protection.”

Also Read: Loud vs low-key: The flex always blows the cover

The report shows that Nigerian organisations are particularly targeted through business email compromise schemes and cloud exploitation tactics, methods that prey on exposed identities and weak system configurations. 

Financial institutions, energy companies, telecommunications operators, and government agencies feature prominently among the most vulnerable sectors, as cybercriminals increasingly focus on services that handle sensitive data or critical infrastructure.

Across Africa, the pattern of attacks varies by market. While Nigeria contends mainly with identity-based fraud and cloud exploitation, South Africa has recorded a surge in ransomware incidents, smishing scams, and botnet infections such as Vo1d and XorDDoS.

Kenya has seen rising ransomware campaigns targeting energy facilities, while Morocco has experienced coordinated attacks on government institutions and education platforms through denial-of-service assaults and website defacement.

The Check Point report identifies several shifts reshaping Africa’s cyber risk landscape in 2025. Traditional ransomware operations are evolving into data theft and blackmail extortion models, while AI-generated deception campaigns have become increasingly mainstream. Digital identity has emerged as the new security perimeter, replacing the older focus on network boundaries as the primary point of defence.

Beyond technical disruption, the economic consequences of cyber insecurity are becoming harder to ignore. The study warns that weak cybersecurity controls could restrict international commercial partnerships, particularly under regulatory frameworks such as the European Union’s NIS2 Directive, which requires companies within European supply chains to demonstrate strong digital risk management practices. For African firms, cybersecurity is therefore no longer only a technical responsibility but also a business survival requirement.

The report urges governments and organisations to adopt prevention-first security strategies that prioritise continuous risk evaluation, regulatory readiness, and collaboration between public institutions and private operators.

Oseghale said cybersecurity must move beyond reacting to attacks after they occur. “The real challenge is not adopting new technology but securing the trust that underpins it,” he said.

Meiza Nigeria