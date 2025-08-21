The acceleration of digital transformation across Nigeria presents unparalleled opportunities for economic development. To fully harness this potential, establishing a secure environment where sensitive data is protected is imperative, Abolaji Adebayo writes

A thriving digital economy, characterized by innovative fintech solutions and widespread internet use, requires unwavering confidence from its users. The threat of data breaches poses a direct risk to this confidence, potentially stalling innovation and deterring investment.

By prioritizing and implementing comprehensive data security protocols, Nigeria can not only mitigate risks but also foster a climate of trust that is essential for long-term, inclusive digital growth. Analysts have explored Nigeria’s current data security landscape, identified challenges, and outlined actionable strategies to prevent breaches, ensuring a safer digital ecosystem.

Data breaches

Nigeria’s digital economy is thriving, with mobile penetration at 82% and over 154 million internet users. However, this growth has attracted cybercriminals. In 2023, the Nigerian Communications Commission (NCC) reported a 45 per cent increase in cyberattacks, targeting sectors like banking, healthcare, and government. High-profile breaches include the 2023 leak of bank customer data and the sale of NIMC biometric records on the dark web.

The financial sector, particularly fintech startups, remains vulnerable due to rapid digitization outpacing security infrastructure. Despite the Nigeria Data Protection Regulation (NDPR) 2019 and the 2023 Data Protection Act, enforcement gaps persist, leaving organizations exposed.

Nigeria recorded over 119,000 leaked data breaches in the first quarter of 2025, according to the latest global data breach report from cybersecurity firm Surfshark. This places the country 34th worldwide in terms of the number of breached accounts. A data breach means that an intruder copied and leaked user data such as names, surnames, email addresses, passwords, etc.

However, while the figure for Nigeria may appear alarming, it actually reflects a sharp decline in breach activity compared to previous quarters. Surfshark’s analysis indicates an 85% drop in the number of leaked accounts in Nigeria from Q4 2024 to Q1 2025, in line with a global trend that saw leaked accounts plunge 93 per cent year-on-year, from 973.7 million in Q1 2024 to just 68.3 million in Q1 2025.

Challenges

Some factors have been identified as the major challenges popping up in the course of preventing data breached. These include inadequate legal enforcement, cybersecurity skills shortage, deficit of trained professionals, financial constraints, low public awareness, insider threats, outdated infrastructure.

According to experts, while the NDPR and 2023 Act provide frameworks, regulatory bodies like the Nigeria Data Protection Bureau (NDPB) lack resources for nationwide enforcement. They noted that many organizations, especially SMEs, view cybersecurity as a cost burden, and lack the financial capacity to tackle the menace.

There are also low public awareness as citizens often unknowingly compromise data through phishing scams or weak passwords. Employees mishandling data intentionally or accidentally remain a critical risk. Outdated infrastructure is also a challenge, legacy systems in banks and government agencies are easy targets for hackers due the state of the infrastructure.

Efforts

As part of the efforts towards curbing the incessant data breach, the Federal Government has launched the Nigeria Virtual Privacy Academy, a new digital training platform designed to deepen data protection and privacy practices across the country’s public and private sectors.

The initiative was unveiled by Minister of Communications, Innovation and Digital Economy, Dr. Bosun Tijani, at the 8th annual conference of the Network of African Data Protection Authorities (NADPA), which kicked off in Abuja last Tuesday.

Speaking at the event, Tijani described the academy as a key part of Nigeria’s broader strategy to harness the benefits of a digital economy by equipping stakeholders with the tools and knowledge to navigate the evolving landscape of data governance. “As we digitise government services, open up digital trade corridors, and scale digital identity platforms, data becomes the backbone and data protection, the shield,” Tijani said.

Training

He added that the academy would provide Nigerians with virtual access to practical training on data protection principles and cyber identity, essential components for building trust in digital platforms. The Minister also announced the creation of a Digital Trade Desk, a one-stop platform to help Nigerian tech-enabled businesses access global markets and drive digital exports.

Preventing data breaches in Nigeria demands a multi-layered approach, which includes stringent laws, technological investment, education, and collaboration

Also speaking at the conference, Vice President Kashim Shettima, represented by Senator Ibrahim Hadejia, said Nigeria remained committed to the full implementation of the Nigeria Data Protection Act (NDPA) 2023. He described data as more than just a digital asset, calling it “a human story told in numbers” and a foundational tool for building economic trust.

“As Africa expands its digital exchanges, the ability to share data securely and lawfully will determine how well we thrive in the global economy,” he noted. The Vice President urged African nations to use the NADPA platform to shape a continent-wide consensus on data governance, one that respects individual rights and promotes shared values.

Progress

Also speaking at the conference, National Commissioner of the Nigeria Data Protection Commission (NDPC), Dr. Vincent Olatunji, highlighted Nigeria’s recent milestones in data governance. According to him, the Commission has conducted over 5,000 compliance assessments, initiated 223 investigations, and taken 12 organisations through remediation.

He noted that within two years, the NDPC had generated over $1.2 million in revenue from registration, audit filing, and compliance fees. “We’ve signed MOUs with data protection authorities across Africa and are creating a regulatory environment that encourages innovation while safeguarding citizens,” he added.

Olatunji called on other African countries yet to enact data protection laws to do so, stressing that “strong data protection frameworks are not barriers to innovation, but enablers of a resilient and inclusive digital economy.” The three-day NADPA conference, themed “Balancing Innovation in Africa: Data Protection and Privacy in Emerging Technologies,” brought together representatives from over 30 African countries, as well as participants from Europe, Asia, the Middle East, and the US.

Also present was Ms. Inga Stefanowicz, Head of Green and Digital Economy at the European Union Delegation to Nigeria, who reaffirmed the EU’s commitment to supporting Africa’s data protection frameworks. Chairperson of NADPA, Mr. Iro Adamou, represented by Vice President, Mrs. Immaculate Kassiat, emphasized the importance of collective responsibility in protecting personal data in Africa’s rapidly digitizing landscape.

Strategies

Meanwhile, experts have proffered some strategic approaches that could help in preventing data breach. According to them, there is a need to strengthening legal and regulatory frameworks. “The 2023 Data Protection Act is a milestone, but implementation is key. The NDPB must collaborate with agencies like NITDA to enforce compliance, penalize violators, and incentivize best practices.

Regular audits and mandatory breach reporting can enhance accountability. “Building robust cybersecurity Infrastructure. Organisations should adopt frameworks like ISO 27001 and invest in firewalls, intrusion detection systems, and secure cloud storage. The government could subsidise cybersecurity tools for SMEs and establish a national CERT (Computer Emergency Response Team) for coordinated threat response.

“The government should launch nationwide campaigns to educate citizens on data privacy. Initiatives like NITDA’s “Cybersecurity Awareness Month” should target rural areas. Organisations must train employees regularly, simulating phishing attacks to reinforce vigilance. Then, partnerships between agencies and private firms should’ve encouraged.

For example, the Central Bank of Nigeria (CBN) could mandate banks to share threat intelligence, while fintechs collaborate on encryption standards. “Leveraging advanced technologies. Adopt AI-driven threat detection, blockchain for secure transactions, and multi-factor authentication (MFA). Encryption of sensitive data, both at rest and in transit, is non-negotiable.

Organisations must develop and test incident response plans. The 2024 NIMC breach highlighted the need for swift action, including system isolation, stakeholder communication, and post-breach audits. “Organisation have to addressing insider threats, implement role-based access controls and monitor user activity.

Cultivating a culture of data ownership through ethics training can reduce negligent breaches. “As a matter of fact, Nigeria should join global alliances like the African Union Convention on Cyber Security, sharing expertise and resources to combat cross-border cybercrime,” they added.

Last line

