Cyber threats test Nigeria’s e-governance as hackers target NDPC 2,000 times

Nigeria’s push to digitise public services is increasingly exposing government institutions to cyber threats, with the Nigeria Data Protection Commission (NDPC) disclosing that hackers launched more than 2,000 attacks on its portal, forcing a temporary shutdown of its network.

Vincent Olatunji, national commissioner and chief executive officer of the NDPC, said the attacks underscored growing vulnerabilities in the country’s digital ecosystem as ministries, departments and agencies (MDAs) accelerate the adoption of online platforms.

According to him, cybercriminals are increasingly targeting government institutions for a variety of reasons, including financial extortion, disruption of services and attempts to undermine public confidence in state institutions.

“A lot of government organisations are being targeted recently. We have not seen any major impact on the economy or citizens’ data, but we do not have to wait until significant damage occurs before taking action,” Olatunji said.

The disclosure comes as the Federal Government intensifies efforts to deepen e-governance and expand digital service delivery across public institutions. Olatunji noted that Nigeria’s digitalisation drive, which gained momentum following the National Information Technology Policy introduced in 2001, has evolved into a broader agenda aimed at enabling seamless interaction between citizens, businesses and government agencies.

He revealed that plans are underway to fully digitalise 35 ministries within weeks, while more than 100 government agencies are already participating in various digital transformation initiatives.

Many MDAs, he said, have deployed platforms that allow citizens to access services remotely, reducing the need for physical visits to government offices. At the NDPC, for instance, licence applications, documentation and payments can now be completed online.

However, Olatunji warned that greater integration of government systems inevitably expands the attack surface available to cybercriminals.

“The reality is that these integrations are powered by multiple technologies. Once systems become interconnected, there is a higher likelihood that bad actors will target those networks,” he said.

The NDPC chief stressed that strengthening cybersecurity capabilities must become a critical component of Nigeria’s digital transformation agenda. He called for the development of skilled cybersecurity professionals capable of defending government infrastructure and safeguarding sensitive data.

According to him, the commission’s capacity-building initiatives are designed to support key pillars of its strategic roadmap, including human capital development, technology ecosystem growth and inter-agency collaboration.

Olatunji identified varying levels of e-governance maturity across MDAs, ranging from institutions that merely provide information online to those offering fully integrated and transactional digital services. He argued that data protection measures should be embedded from the outset rather than introduced after digital integration has been achieved.

Government institutions, he noted, are classified as data controllers under the Nigeria Data Protection Act (NDPA) because they collect and process personal information belonging to Nigerians and foreign residents.

He urged MDAs to implement the technical and organisational safeguards required by law to secure databases, digital platforms and critical information assets.

“Technology alone cannot secure systems. Skilled personnel are needed to manage and protect those systems effectively,” he said.

The commissioner also reported improvements in data privacy compliance across the public sector. Compliance levels, he said, have risen from about 4 percent when implementation efforts began to more than 20 percent today.

As awareness grows, many government institutions are now making budgetary provisions for privacy and data protection programmes, including the appointment of data protection officers and deployment of security controls.

To further strengthen compliance, the NDPC has expanded certification programmes and training initiatives for public-sector officials through its National Privacy Academy. Olatunji said the commission plans to extend capacity-building programmes to permanent secretaries and other senior government officials to deepen understanding of data protection obligations.

Speaking at the training programme, Tolulope Pius-Fadipe, head of research and development at the NDPC, said the initiative forms part of the commission’s strategy to build a resilient data protection framework across government institutions.

She noted that the programme aims to improve responsible data management practices, strengthen public trust and enhance the protection of sensitive government information.

Also speaking, Olorunisomo Isola, head of information technology and cybersecurity at the NDPC, said the workshop was organised in response to rising cyber incidents targeting public infrastructure.

According to him, participants will receive practical training on governance, risk and compliance, data protection impact assessments, encryption, cloud security, database security and cyber incident response.

The programme, he added, is expected to produce implementation plans that will help government institutions strengthen data protection governance, reduce cyber risks and improve compliance with the NDPA.

For policymakers, the attacks on the NDPC highlight a growing challenge facing Nigeria’s digital economy ambitions: ensuring that the expansion of online public services is matched by investments in cybersecurity capacity, data protection and institutional resilience.