Nigeria's Digital Economy Faces $500 Million Hit as Cyberattacks Surge 300%

A wave of sophisticated cyberattacks has exposed deep vulnerabilities in Nigeria's rapidly expanding digital economy, costing businesses an estimated $500 million in the past year alone. Security firms operating in Lagos and Abuja reported a 300% surge in attacks targeting financial institutions, e-commerce platforms, and government digital services, raising alarms among investors who have poured billions into Africa's largest tech ecosystem.

The scale of the problem became clear last month when the Nigeria Data Protection Bureau announced it had logged 2.4 million attempted breaches between January and September. That figure, which authorities described as likely a fraction of the actual total, revealed how underprepared many organisations remain despite Nigeria's ambitions to become a leading digital economy on the continent.

Financial Sector Bears the Brunt

Commercial banks, payment processors, and fintech startups have become the primary targets. The Nigeria Inter-Bank Settlement Scheme disclosed that organised hacker groups successfully drained approximately N47 billion ($112 million) from customer accounts in the first half of 2024 through ransomware and social engineering schemes. Four major lenders — including First Bank of Nigeria and Guarantee Trust Bank — acknowledged security breaches that temporarily disrupted online banking services.

The Central Bank of Nigeria responded by mandating that all financial institutions conduct emergency security audits by December 31. Banks that fail to meet new penetration-testing requirements face penalties ranging from N500 million to N2 billion. Governor Olayemi Cardoso told journalists in Abuja that the measures were necessary to protect depositor confidence as digital payments overtake cash transactions for the first time in the country's history.

E-Commerce Platforms Struggle to Recover Trust

Jumia, Nigeria's largest online retailer, confirmed that a breach in March compromised the personal data of 840,000 customers. The company's shares dropped 12% on the New York Stock Exchange following the disclosure, wiping roughly $180 million from its market capitalisation. Competitors Konga and PayPorte saw similar but smaller intrusions, suggesting a coordinated campaign rather than isolated incidents.

Small business owners who rely on these platforms expressed frustration. Chioma Okonkwo, who runs a fashion boutique through Jumia from her shop in Ikeja, said customers have become increasingly reluctant to save card details. "My sales fell 15% after the news broke," she told reporters. "People do not want to enter their numbers anymore. This is killing trust."

Government Systems Under Strain

The National Information Technology Development Agency flagged multiple attempts to infiltrate servers holding taxpayer data at the Federal Inland Revenue Service. While officials claimed no sensitive records were exfiltrated, an independent audit commissioned by the Senate discovered that the personal information of 5.2 million Nigerians had been exposed through vulnerabilities in the Integrated Payroll and Personnel Information System.

Senator Bashir Othman, chair of the Senate Committee on ICT and Cybersecurity, said the government had allocated only N12 billion ($26 million) for national cybersecurity infrastructure in the 2024 budget — a fraction of what comparable economies spend. "We are building a digital economy on sand," Othman stated in Abuja. "Without serious investment in protection, every naira we put into technology is at risk."

The Ministry of Communications pressed for urgency, announcing a National Cybersecurity Centre to be built in Abuja by mid-2025. The facility, expected to cost N45 billion, would serve as a coordination hub for threat intelligence sharing between banks, telecoms, and government agencies. Minister Bosun Tijani said the centre would reduce response times to breaches from an average of 23 days to under 72 hours.

Investor Confidence Shaken

The attacks have begun affecting capital flows. Three venture capital funds that had been in advanced talks to invest in Lagos-based startups reportedly paused due diligence after reviewing the security landscape. One fund manager, speaking on condition of anonymity, said cyber risk had become a formal part of their Nigeria evaluation matrix. "Six months ago, this was not a primary concern," the manager noted. "Now it is one of the first things we ask about."

Nigeria's tech sector had attracted $1.8 billion in foreign investment during 2023, driven partly by the success of fintech unicorns like Flutterwave and Moniepoint. That momentum is now under threat. The African Development Bank cited cybersecurity weaknesses as a contributing factor in its decision to downgrade Nigeria's business environment ranking for the third consecutive quarter.

International payment processors have taken notice. Visa and Mastercard both issued updated compliance requirements for Nigerian acquiring banks, citing the need for stronger tokenisation and multi-factor authentication. Businesses that fail to comply within six months risk losing processing rights — a prospect that could cripple smaller merchants unable to afford the necessary infrastructure upgrades.

What Comes Next

Cybersecurity analysts at SentinelOne's Lagos office estimate that Nigerian businesses will face $700 million in losses by the end of 2024 if current attack trajectories continue. Ransomware-as-a-service operations, many operating from Eastern Europe, have identified the country's underdefended networks as high-value targets.

The government faces pressure to pass the long-delayed Cybersecurity Act, which stalled in the National Assembly after disagreements over data localisation requirements. Industry groups including the Lagos Chamber of Commerce and Industry have urged lawmakers to resolve the impasse before the end of the current session. A joint committee report is expected by November 15.

For ordinary Nigerians, the consequences are already visible. Online fraud has contributed to a 340% increase in identity theft cases reported to the Nigeria Police Force since 2022. Workers at technology firms in Lagos say they are investing in personal cybersecurity training for the first time. The question now is whether the country's digital economy can grow fast enough to outpace the damage — or whether the attacks will force a reckoning that slows everything down.