Cybersecurity Races to Keep Pace with Expanding Tech in Nigeria

An email from a ‘John’ sits in my inbox, labeled as a message from a “dear friend” inviting me to participate in a renewable energy project. But without any clear details about John, his associate, or the project itself, my instincts tell me it could be one click away from compromising my data. As our lives migrate increasingly online, we’re left with a growing set of vulnerabilities. The Nigerian tech sector's rapid expansion has raised an important question: is cybersecurity growing fast enough to keep up?

Cybercrime in Nigeria is costly, with federal estimates suggesting it drains about N127 billion annually, roughly equivalent to Enugu State’s 2019 budget. For context, global cybercrime has reached an estimated $600 billion annually. Reports from Serianu estimated cybercrime cost Nigerian public and private sectors around N236 trillion in 2017 alone. Yet, despite these figures, Nigerian organizations remain underprepared, with over 55% of them skipping regular cybersecurity training for their teams.

Tolu, a Lagos-based web developer, points out that while banks can often contain breaches before they go public, smaller businesses remain vulnerable. Increasingly, payment platforms like Eyowo and industries like hospitality and retail are being targeted for their valuable data. Marriott International’s breach, which affected its premium guest database and exposed the personal details of half a billion guests, serves as a stark reminder of the data risks faced by Nigerian companies.

The Challenges: Skills, Funding, and Awareness

Despite the expanding digital economy, Nigeria ranks second in Africa for cyber-attack vulnerability due to funding limitations, skill shortages, and lack of awareness. Organizations spend, on average, only $1,500 annually on cybersecurity, a meager amount that leaves many small businesses well below the “cybersecurity poverty line” identified by Serianu. Tolu’s company, for example, spends roughly $200 monthly on security measures—hardly enough to address emerging threats adequately.

Talent scarcity compounds this issue. Nigeria has only 1,800 certified cybersecurity professionals—far too few for the demand. While some institutions like FUTA and FUT Minna have added cybersecurity courses, the country still lacks comprehensive training programs, making it difficult for companies to find qualified personnel.

The Way Forward: Building a Proactive Cybersecurity Culture

Cybersecurity in Nigeria must shift from reactionary measures to a proactive stance. Regular audits and security risk assessments, which many companies lack, could help prevent incidents rather than respond to them. Following Arik Air’s data breach, it took a month to secure the exposed information—a lag that underscores the need for faster responses. Internationally, delayed reactions in cases like Equifax, which took 76 days to detect a breach, show the importance of a timely response.

Cybersecurity conferences and hackathons are also crucial for skill development and awareness. Events like Secure Lagos and the Cyber Security Challenge encourage engineers to showcase their skills, promote cybersecurity innovation, and keep the industry up-to-date with global trends. Continued investment in these events by government agencies and private organizations will help Nigeria’s tech sector build stronger defenses as it expands.

With cyber threats now a top global risk, Nigeria’s expanding digital economy needs cybersecurity to catch up—and fast. By investing in talent, increasing cybersecurity budgets, and fostering a culture of vigilance, Nigerian businesses can secure their future in the global digital landscape.