Nigeria has warned of a growing wave of coordinated cyber threats targeting its financial systems and critical digital infrastructure, urging organisations to urgently strengthen their data protection frameworks or face legal consequences.
The Nigeria Data Protection Commission (NDPC) said in a regulatory advisory that its technical assessment had uncovered operations by shadowy threat actors aimed at compromising sensitive systems across the country.
The warning highlights increasing pressure on Africa’s largest economy to secure its fast-growing digital ecosystem, where financial services, government platforms and cloud-based systems are becoming prime targets for cybercriminals.
The Commission called on all data controllers and processors, including government ministries and agencies, to step up both technical and organisational safeguards in line with the Nigeria Data Protection Act 2023.
“Organisations must urgently implement stronger security measures to protect the privacy of Nigerians,” the NDPC said, adding that failure to comply could result in legal liabilities.
The advisory follows a presidential directive by Bola Ahmed Tinubu, who described data as the new oil and ordered public institutions to rigorously capture and safeguard information under the country’s data protection framework.Rising risks, weak defences.
Nigeria’s digital economy has expanded rapidly in recent years, driven by fintech growth, increased internet penetration and cloud adoption. But analysts say security investment has not kept pace, leaving vulnerabilities across both public and private systems.
The NDPC outlined a broad set of measures organisations must adopt, including appointing certified data protection officers, conducting data impact assessments, and deploying stronger identity controls such as multi-factor authentication.
It also urged the adoption of more advanced frameworks such as zero-trust architecture, continuous system monitoring, encryption protocols, and regular vulnerability testing.
Cybersecurity experts say such measures are critical as attackers shift from opportunistic hacks to more coordinated and sophisticated campaigns targeting high-value infrastructure.
Financial systems in focusThe mention of financial systems as a target signals potential risks to Nigeria’s banking and fintech sectors, which process billions of naira daily and underpin much of the country’s digital transactions.
A breach in such systems could undermine trust in digital payments and slow the country’s push toward a cashless economy.
Compliance pressure risesThe NDPC said it stands ready to provide regulatory support to organisations but made clear that enforcement would be strengthened.
The warning suggests a shift from awareness to stricter compliance, as authorities move to operationalise the data protection law enacted in 2023.
For many organisations, especially smaller firms and public institutions, the challenge will be balancing the cost of implementing advanced security systems with growing regulatory expectations.
However, industry observers say the cost of inaction could be far higher, particularly as cyberattacks become more frequent and more damaging.
The advisory signals that Nigeria is entering a more enforcement-driven phase of its data protection regime, where compliance is no longer optional but a core requirement for operating in the digital economy.
Join BusinessDay whatsapp Channel, to stay up to date
Open In Whatsapp
