Cyberattacks expose the fragility of Nigeria’s digital economy as businesses face rising risks

Cyberattacks expose the fragility of Nigeria’s digital economy as businesses face rising risks

Nigeria’s ambition to build one of Africa’s largest digital economies is faced with a growing test as a wave of cyberattacks targeting banks, fintechs, government agencies, and digital platforms exposes vulnerabilities across the country’s expanding online ecosystem.

Over the past several months, allegations of data breaches involving payment processor Remita, Sterling Bank, and the Corporate Affairs Commission (CAC) have raised fresh concerns about the resilience of Nigeria’s digital infrastructure and the security of millions of personal and corporate records.

The incidents arrive at a pivotal moment for the country where digital payments, online banking, e-commerce, fintech services, and government portals have become central to economic activity, increasing Nigeria’s transition toward a technology-driven economy.

As adoption grows, so does the attack surface available to increasingly sophisticated cybercriminals. According to Surfshark, a cybersecurity company, Nigeria recorded approximately 281,500 leaked user accounts in the first quarter of 2026 alone, ranking the country as the 34th most breached globally.

Industry estimates suggest that as many as 80 million Nigerian data records may currently be circulating on dark web marketplaces and cybersecurity experts warn that the consequences extend far beyond individual data breaches.

“The future of data protection depends on proactive monitoring, user awareness and AI-driven security measures that help organisations stay ahead of cyber threats,” said Umanhonlen Gabriel, founder of Cyber Odyssey.

He noted that organisations must strengthen cybersecurity frameworks through closer coordination between security operations centres, network security teams and identity and access management units.

“There must be continuous review of the use of Shadow AI and Shadow IT within organisations, especially unauthorised tools and applications used by employees,” Gabriel said.

“Key measures should include blacklisting unauthorised applications, constant log monitoring, enforcing strong access controls, and conducting regular cybersecurity training to keep teams updated on evolving threats.”

The warning comes as regulators intensify scrutiny of recent incidents. The Nigeria Data Protection Commission (NDPC) is currently investigating allegations that customer and institutional data linked to Remita and Sterling Bank may have been exposed.

The commission is examining the scope of any compromised information, the risks posed to customers, and whether adequate security safeguards were in place.

In one of the more technically detailed incidents disclosed this year, a threat actor operating under ‘ByteToBreach’ allegedly gained unauthorised remote code execution access to Sterling Bank’s pilot infrastructure on March 18, 2026, by exploiting a publicly disclosed vulnerability in a React-based web application framework.

Security researchers said the flaw was patchable and could have been prevented through timely remediation. The Corporate Affairs Commission has also faced allegations of a significant cyber intrusion involving millions of company records.

The incident has raised concerns about the protection of corporate information and the integrity of the digital public infrastructure that underpins Nigeria’s business environment. For companies, the impact of cyberattacks increasingly extends beyond technical disruption.

As cyber threats continue to target businesses across Nigeria, Tolu Adesina, chief executive officer of Zirro, said many successful cyberattacks are driven less by sophisticated technology and more by weaknesses in business processes and operational controls.

Drawing from years of experience in Africa’s fintech sector, Adesina noted that poor access management, unmonitored systems, and unchecked operational practices often create vulnerabilities that cybercriminals exploit.

“Most cyberattacks don’t succeed because of sophisticated technology,” Adesina said. “They succeed because of gaps in how we run our businesses, from weak access controls and unmonitored systems to processes nobody stopped to question.”

According to Adesina, the lessons learned from the fintech industry have shaped Zirro’s approach to security as it builds a business operating system designed for African small and medium-sized enterprises (SMEs).

At Zirro, merchants rely on the platform to manage payments, customer information, and business operations, placing significant responsibility on the company to safeguard sensitive data and financial transactions.

“That’s a serious responsibility,” he said. “It’s taught us that security isn’t something you add when the product matures. It’s a decision you make at the very beginning.”

Adesina warned that while the growth of Nigeria’s digital economy is a positive development, rapid expansion without adequate safeguards could expose businesses and consumers to greater risks.

“Nigeria’s digital economy has grown quickly, and that’s worth celebrating. But growth without resilience creates risk,” he said.

He added that as the ecosystem matures, trust will become a key differentiator among digital platforms and technology providers.

For Adesina, trust remains the foundation upon which sustainable digital growth must be built. “That trust has to be built in,” he said. “It can’t be patched in later.”

A successful breach can trigger regulatory investigations, legal liabilities, reputational damage, and expensive remediation programmes. Businesses may also face customer attrition if confidence in their ability to safeguard personal and financial information declines.

Small and medium-sized enterprises (SMEs) are particularly exposed, as many have rapidly adopted digital banking, cloud software, and online payment platforms, but often lack dedicated cybersecurity personnel or enterprise-grade security systems.

As a result, SMEs frequently represent the weakest link in increasingly interconnected digital supply chains.

The financial implications are substantial as Cybercriminals have effectively industrialised ransomware, phishing, and digital fraud operations, creating what analysts describe as a mature underground economy.

Industry estimates suggest cybercrime costs Nigerian businesses more than N12 billion annually through direct losses, operational disruptions, and recovery expenses.

Recent incidents also reflect a broader trend as Nigerian organisations continue to face phishing campaigns, business email compromise schemes, ransomware attacks, distributed denial-of-service attacks, and dark web data leaks.

Financial institutions remain prime targets because of the high value of customer and transaction data they hold.