Nigeria Cyberattacks Surge 67% in 2024 — Small Businesses Bear the Brunt

Cybercriminals targeted Nigerian businesses and government agencies more than 3,200 times in the first half of 2024, a 67 percent jump from the same period last year, according to data published by the Nigerian Communications Commission this week. The attacks have compromised the financial records of at least 890,000 citizens and drained an estimated $250 million from the digital economy, exposing deep vulnerabilities in the nation's push toward a cashless society. In Lagos alone, 14 fintech startups reported breaches between January and June, with three forced to suspend operations entirely. The figures paint a grim picture for ordinary Nigerians who have embraced mobile banking and online commerce over the past five years. The question now is whether the government can shore up defences before public trust in digital services erodes further.

Who the Hackers Are Targeting

The pattern of attacks reveals a clear shift in strategy. Rather than focusing exclusively on large banks, criminal groups are now penetrating mid-sized payment platforms, insurance firms, and e-commerce websites that handle everyday transactions. Analysts at Digital Encode, a Lagos-based cybersecurity firm, identified at least six distinct criminal networks operating from inside Nigeria and three foreign-based groups with Nigerian affiliates. A single ransomware gang known as Lockbit 3.0 accounted for 340 of the recorded breaches, demanding payments in cryptocurrency that are nearly impossible to trace. The Central Bank of Nigeria confirmed that two deposit money banks lost a combined $18.7 million in separate incidents in March and April. Those losses, while smaller than the total economic damage, directly affected the savings of ordinary account holders.

The Human Cost Beyond the Numbers

For communities across Nigeria, the consequences extend far beyond corporate balance sheets. In Port Harcourt, a seamstress namedBlessing Adeyemi lost 340,000 naira ($460) when hackers breached the mobile banking app of her fabric supplier, redirecting payments meant for inventory to an untraceable account. She had no recourse. Her bank told her the transaction appeared legitimate. She could not afford legal fees. The experience has made her reluctant to use any digital payment method. I will go back to cash, she said in an interview at her market stall. These apps are not safe for people like me. Adeyemi's story is not unique. The EFCC received more than 2,100 cybercrime complaints from individual citizens in the first quarter of 2024, a 41 percent increase from the previous year. Many victims never file reports, either because they distrust law enforcement or simply do not know where to go. The actual number of affected Nigerians is almost certainly far higher than official figures suggest.

Why Nigeria's Digital Push Created New Exposure

The government has spent billions expanding internet access and promoting cashless transactions since 2020. The Economic Recovery and Growth Plan explicitly prioritised digital infrastructure, and the Central Bank's eNaira initiative launched in October 2021 with ambitions of reaching 95 percent financial inclusion by 2027. Those ambitions now look fragile. Nigeria added 12 million new internet users between 2022 and 2023, but cybersecurity infrastructure failed to keep pace. A 2023 audit by the National Information Technology Development Agency found that 73 percent of government ministries had no functioning security operations centre. Critical databases, including taxpayer records held by the Federal Inland Revenue Service, lacked basic encryption protocols. The result is a situation where expansion happened faster than protection. Dr. Aminu Aliyu, director of the Cyber Security Experts Association of Nigeria, put it plainly. We built the house, but we forgot to lock the doors.

Government Response Falls Short

The Ministry of Communications and Digital Economy announced a National Cybersecurity Policy and Strategy in January, promising mandatory security audits for all financial institutions and the creation of a national computer emergency response team. Eight months later, the audits remain voluntary, and the response team operates with a budget of less than $3 million, according to officials who spoke on condition of anonymity. The National Assembly passed the Cybercrime Prohibition Prevention Act amendments in March, increasing penalties for digital fraud. However, prosecutors have secured convictions in fewer than 15 percent of cases filed. The courts lack judges with technical expertise, and police stations across the country rarely have officers trained to collect digital evidence properly. When hackers breach a business in Enugu or Kaduna, there is often nowhere locally equipped to investigate.

What International Partners Are Doing

The United Kingdom's Foreign Office allocated $2.1 million in June to a programme run by the United Nations Development Programme that will train 500 Nigerian law enforcement officers in digital forensics over the next two years. The United States Secret Service has separately offered to share intelligence with the EFCC on cryptocurrency-related fraud targeting Nigerian accounts. Neither programme addresses the immediate vulnerability of businesses still operating without adequate protections. International assistance, while welcome, cannot substitute for homegrown solutions that match the speed and scale of the threat.

What Small Businesses Can Do Now

For the millions of Nigerians running small enterprises, the advice from cybersecurity professionals boils down to a few practical steps. Use two-factor authentication on every account that offers it. Change passwords every 90 days and avoid reusing them across platforms. Ensure that accounting software is updated whenever patches become available. These measures sound simple, but the majority of affected businesses in the 2024 breaches had failed to implement them. Joseph Okon, who runs a logistics company in Abuja, spent $12,000 recovering from a breach that encrypted his entire fleet management system in May. I thought I was too small to be a target, he said. I was wrong. The attackers demanded 5 bitcoin, worth roughly $135,000 at the time. Okon refused to pay and rebuilt his systems from backups, but three weeks of downtime cost him clients he has not regained.

What Comes Next

The next six months will test whether Nigeria can reverse the trend. The Central Bank has indicated it will publish mandatory cybersecurity standards for payment service providers by December, a deadline that industry observers view as ambitious given the current regulatory capacity. The National Assembly is expected to debate additional funding for the EFCC's cybercrime unit before the end of the year. Meanwhile, criminal groups show no signs of slowing. Experts at the upcoming Nigeria Cybersecurity Summit in Abuja on October 17 will present updated threat assessments that, according to preview materials, are expected to show a further increase in attacks targeting mobile money agents in rural areas. For ordinary Nigerians, the practical advice remains unchanged: verify transactions twice, distrust urgent requests for banking details, and assume that any digital platform can be compromised. The digital economy offers real opportunities, but only for those who navigate it with their eyes open.