- Nigeria faces 4,200 cyber attacks weekly, highest in Africa.
- AI-generated phishing and exposed identities drive intrusions.
- Cloud misconfiguration, BEC scams and ransomware dominate breaches.
- Report urges prevention-first cyber security and stronger regulations.
Nigeria has taken an uncomfortable lead in Africa’s cyber threat landscape, recording the continent’s highest weekly number of cyber attacks per organisation; 4,200 attempted breaches every seven days, far above the African average of 3,153 and nearly double the global benchmark of 1,963 attacks.
The findings are detailed in the African Perspectives on Cyber Security Report 2025 compiled by global cyber security firm Check Point Software Technologies. The report shows that Nigerian networks are being hit aggressively through identity-based attacks, AI-generated phishing emails, Business Email Compromise (BEC), and multi-vector ransomware deployments.
ATTENTION: Click “HERE” to join our WhatsApp group and receive News updates directly on your WhatsApp!
READ ALSO: CBN Reviews Cash Withdrawal Rules, Enforces New Fees in January 2026
According to the study, sectors such as banking, energy, telecommunications and government services remain the most vulnerable. Attackers are exploiting misconfigured cloud environments, exposed login details, and unsecured administrative access points. Business Email Compromise and cloud exploitation were identified as the two most dominant entry points in Nigerian breaches.
Lorna Hardie, Regional Director for Africa at Check Point, warned that artificial intelligence has changed the threat landscape permanently.
“AI has become part of the attack surface. Attackers are using it to automate phishing and identity theft at scale. The only effective response is prevention-first security that combines visibility, governance, and AI protection,” she said.
The report also tracked cyber trends across other African regions. South Africa, for instance, is dealing with increasing ransomware, smishing and botnet infections linked to variants like Vo1d and XorDDoS. Kenya has faced ransomware attempts on its national energy grid, while Morocco has recorded waves of DDoS attacks on public institutions and academic platforms.
Traditional ransomware is evolving, the report notes, with criminals now preferring data-leak extortion, threatening to publish or sell stolen information rather than simply encrypt it. Identity theft continues to be one of the most exploited weaknesses, marking identity itself as the new security perimeter.
The study further notes that regulatory compliance may soon determine who can trade on the global stage. With frameworks like the EU’s NIS2 Directive tightening minimum security requirements, African institutions that lack modern protection risk being locked out of certain international markets.
READ ALSO: No Negotiation, No Ransom to Terrorists — Defence Minister Musa
Check Point’s final recommendation was direct, Africa must not only digitise but secure. It urged governments, banks, technology companies and telecom operators to increase cyber security investment, strengthen cloud governance, and adopt predictive intelligence instead of reactive defence.
In Hardie’s words: “The real challenge is not adopting new technology but securing the trust that underpins it.”
