Human error fuelling surge in Nigeria’s cyberattacks — Expert

Cybersecurity expert Toluwani Akinniyi, in an interview with JUSTICE OKAMGBA, discusses how Africa’s most populous nation is witnessing a surge in cyberattacks driven largely by social engineering and human error

NIGERIA has seen an uptick in cyberattacks aimed at banks, government institutions, and private citizens. What would you identify as the most urgent cybersecurity threats at the moment?

The most pressing threats Nigeria faces today revolve around human behaviour, not just technology. Social engineering, ransomware and insider risks top the list. As our digital adoption accelerates, especially across banking and government services, our exposure is growing even faster than our defences can keep up.

Cybercriminals have mastered the art of exploiting emotions. Messages such as “Your account has been restricted”, “Salary upgrade approved”, or “Complete your KYC” trigger quick reactions. These attacks succeed because they target people, not devices. Coupled with weak identity controls and slow incident response, the real danger becomes the erosion of public trust in digital systems.

What are the strengths and weaknesses of Nigeria’s cybersecurity framework?

Nigeria has made meaningful progress with the Cybercrime Act and the National Cybersecurity Policy. These frameworks provide a solid foundation. However, the real challenge lies in how consistently these policies are enforced. Many organisations still operate in silos, and coordination across sectors remains uneven. The laws are not the problem; the execution is. Strengthening capacity, clarifying accountability and ensuring better public–private collaboration remain the key gaps.

How can Nigerian businesses bolster their defenses and formulate a response to the growing prevalence of ransomware?

Ransomware has become a digital pandemic, and recovering from it is far more expensive than preventing it. Nigerian organisations need to rethink their approach by prioritising strong data backups, testing those backups regularly, enforcing multi-factor authentication and adopting real-time monitoring tools.

Continuous staff awareness is crucial. Cybercriminals prey on human error. Organisations and regulators must also share information more openly. When one institution is attacked, the lessons should help protect others. Ransomware is ultimately a business continuity issue, not just an IT one.

Are Nigeria’s cybercrime laws sufficient? What reforms are needed?

The Cybercrime Act was a step in the right direction, but cybercriminals have advanced beyond what the law currently covers. Today, we are dealing with deepfakes, AI-powered phishing scams, cryptocurrency-enabled fraud and cloud-based breaches.

Our laws need updating to reflect the evolution of cybercrime. Digital forensics capabilities also need serious strengthening so law enforcement can keep pace. More importantly, the judiciary needs training to understand modern cyber threats. A law only works when those who enforce it fully understand the ecosystem.

How important is public awareness in combating cyber threats?

Public awareness is arguably the strongest defence Nigeria has. Technology alone is not enough if people continue clicking on the wrong links or sharing sensitive information carelessly.

Cyber literacy needs to become part of everyday life in Nigeria, integrated into schools, workplaces and communities. Using local languages, relatable examples and public influencers can help make cybersecurity understandable and relevant. People protect what they understand, and right now, understanding is our biggest gap.

How can collaboration between government, telcos and tech companies improve cybersecurity?

Cybersecurity requires teamwork. Government agencies, telcos and tech companies all have different strengths, and when combined, they create a national defence system that is much harder to infiltrate. The government must facilitate an environment where organisations can share threat intelligence safely and quickly. Telcos provide network visibility, while tech companies bring innovation and cutting-edge tools. If these sectors work together through joint cyber drills and coordinated regulations, Nigeria’s cyber resilience will increase dramatically.

What new risks should we worry about, with AI and cloud adoption on the increase?

AI and cloud technologies are transforming business, but they bring new risks. AI can now generate extremely convincing phishing messages or deepfake content, while cloud breaches often stem from simple configuration mistakes. To manage these risks, organisations must adopt AI governance frameworks, embrace zero-trust security models, continuously monitor cloud environments, and ensure that engineers understand not just how to deploy cloud services but how to secure them. We cannot adopt these technologies faster than we secure them.

How can election systems and national databases be protected against cyber threats?

Protecting election systems is about safeguarding both technology and public confidence. Securing voter databases, ensuring transparent transmission systems, and conducting independent cybersecurity audits are essential steps. Cyber interference does not always aim to change votes; sometimes it simply aims to create doubt. Managing misinformation is therefore just as important as protecting the technical infrastructure. A secure election is one where people trust both the process and the result.

Closing thoughts

Cybersecurity is much more than a technical discipline; it is a national development priority. Nigeria’s digital future depends on how well we secure the systems, people and processes that power our economy and society. If we get cybersecurity right, we not only defend ourselves from threats but also position Nigeria as a leader in Africa’s digital transformation. Digital trust is the true currency of the modern world.