News
Experts urge prevention-first security as Nigeria leads Africa in cyber threats
Nigerian organisations are now the most targeted by cybercriminals in Africa, facing the continent’s highest volume of weekly cyberattacks, according to the newly released African Perspectives on Cyber Security Report 2025 by Check Point Software Technologies Ltd., a global leader in cybersecurity solutions.
The report shows that Nigerian firms endure an average of 4,200 attacks per week, far above the African average of 3,153 and a staggering 60 per cent higher than the global average of 1,963 attacks per organisation.
The surge, according to the study, is being fuelled by the increasing deployment of artificial intelligence by cybercriminals, who are automating phishing, impersonation, identity theft, and cloud exploitation at unprecedented scale.
Country Manager for West Africa at Check Point, Kingsley Oseghale, described AI as “part of the attack surface,” warning that its use by cyber adversaries has accelerated the frequency and sophistication of threats facing Nigerian businesses and government institutions.
“Attackers are using AI to automate phishing and identity theft at scale,” he said.
“The only effective response is prevention-first security that combines visibility, governance, and AI protection.”
The report revealed that cybercriminals are exploiting exposed identities, misconfigured systems, and weak authentication processes across critical sectors such as finance, energy, telecommunications, and government.
It highlighted growing cases of identity-led intrusions, AI-generated phishing attacks, and multi-vector ransomware campaigns.
Across Africa, Check Point documented evolving threat patterns. Nigeria is grappling with business email compromise and cloud exploitation; South Africa is reporting rising ransomware, smishing, and botnet outbreaks linked to Vo1d and XorDDoS; Kenya has recorded ransomware attacks targeting energy infrastructure; while Morocco has suffered coordinated government and education-sector disruptions through DDoS and website defacement.
The report also identified five defining shifts shaping Africa’s cyber risk landscape in 2025.
These include the transformation of ransomware into data-leak extortion, the rise of AI-driven deception, the emergence of identity as the new digital perimeter, the growing economic impact of weak cybersecurity, and heightened regulatory expectations driven by frameworks such as the EU’s NIS2 Directive.
With digital vulnerability now linked to economic competitiveness and international market access, the authors warn that African organisations must treat cybersecurity not only as an operational requirement but as a strategic business imperative.
To mitigate the rising threats, the study recommends that businesses and governments adopt a prevention-first approach, conduct continuous risk assessments, strengthen regulatory compliance, and foster deeper public–private sector collaboration.
Oseghale stressed that as AI becomes integrated into everyday operations, corporate security systems must shift from reactive defence to predictive protection.
“The real challenge is not adopting new technology but securing the trust that underpins it,” he said.

Follow Us on Google Discover