Nigeria now accounts for about 45 percent of reported cyberattacks in Africa, a share that exposes the country to a projected $10.5 trillion annual global cybercrime bill, according to Vincent Olatunji, CEO of the Nigeria Data Protection Commission. Speaking at the IoT West Africa 2026 Conference in Lagos, Olatunji warned that Nigeria’s fast‑growing digital economy is becoming an increasingly attractive target, with more than 4,000 cyberattacks recorded every week and financial losses exceeding N12 billion in 2024 from fraud, phishing, and ransomware.
Globally, an attack occurs every 39 seconds, and 85 percent of breaches involve personal identifiable information. In Africa, phishing victim rates have risen to 32 percent, while ransomware accounts for about 35 percent of financial losses. Olatunji noted that 44,000 Distributed Denial‑of‑Service attacks are launched daily, targeting banking, telecom, and government systems.
Nigeria has strengthened its legal framework with the Data Protection Act 2023 and subsequent guidelines, requiring breach reporting within 72 hours. However, structural challenges persist: 90 percent of Nigeria’s data is hosted overseas, costing an estimated $850 million annually and creating additional risks of foreign surveillance and regulatory gaps. Olatunji called for increased investment in local data centres, of which Nigeria has only 26. “Data sovereignty is critical,” he said. Without stronger defences, the digital economy’s projected $18.3 billion contribution could be undermined by eroding trust.
