Nigeria’s cybersecurity landscape is grappling with a critical shortage of skilled professionals, just as organisations face an unprecedented surge in sophisticated attacks.
From financial services to telecoms, Nigerian firms are under a talent siege. According to Check Point Software’s Global Cyber Attack Report for Q1 2025, organisations in Nigeria faced an average of 4,388 attacks per week, a 47 percent year-on-year surge. Yet many incident-response teams remain dangerously understaffed.
Deloitte’s Cybersecurity Outlook 2025 report found that 67 percent of global organisations, including those in Nigeria, are operating below their required cybersecurity headcount, crippling both the ability to prevent breaches and recover from them.
Experts note that many of the cybersecurity experts in Nigeria have migrated for better opportunities and greener pastures.
“By our nature, we excel anywhere,” says Wunmi Faiga, chief information security officer at Axiom Integrated Solutions. “The challenge lies in retention. Many experts migrate for broader opportunities. We must invest in youth development and create incentives to keep our brightest within national borders.”
The exodus of these cybersecurity professionals is leaving behind a vacuum that no software can fill.
Afolabi Sobande, chief operating officer at Computer Warehouse Group (CWG), noted, “Nobody is foolproof when it comes to cyber attacks. How you respond is what matters.”
He points out that while there was an 85 percent drop in leaked accounts between Q4 2024 and Q1 2025, suggesting better tooling, Surfshark’s Quarterly Data Breach Report Q1 2025 still recorded over 119,000 leaked data records in Nigeria, affecting roughly one in ten citizens. “The real test lies in the people who manage and apply those tools,” Sobande says.
Sobande also stressed that building a resilient organisation starts at the top: “First, it’s executive leadership and ownership. The executive of any organisation has to take cybersecurity very seriously. Once they do that, they can foster a security-centric culture across every department.”
Nigeria ranked 50th globally and second in Africa for attack volume in Kaspersky’s latest threat landscape analysis. Yet the country meets only 58.3 percent of key policy and governance benchmarks on the National Cyber Security Index, placing it 43rd worldwide.
Experts at Deloitte and IDC estimate that bridging these vulnerabilities across Africa will require some $22 billion in cybersecurity investment, a sum that Nigerian institutions have so far struggled to mobilise.
Beyond infrastructure, it’s the people problem that looms largest. Faiga emphasised, “Of course, everything we are talking about, we talk about AI. The things we used to do before, we just put AI in front of them. But irrespective of all the innovative technologies, sometimes what you need to do is get the basics right starting with good cyber hygiene.”
Read also: The cost of cyber insecurity: How it affects Nigeria’s digital economy
She and Sobande argue that simply hiring isn’t enough; organisations must cultivate security-centric cultures. That includes continuous awareness training, phishing simulations, and role-specific cybersecurity education.
“Training must go beyond certifications,” Faiga notes. “It should be deeply embedded in each staff member’s function at work and private digital life.”
The situation is exacerbated by the rise of “crime-as-a-service,” where threat actors rent out phishing frameworks and ransomware kits like legitimate cloud products.
“As attackers shore up their capabilities,” Faiga warns, “we must match them by investing in the right people, those who can design, deploy and adapt security solutions to meet every evolving threat.”
Ashraf Helmy, regional sales manager at Dell, introduces the concept of Survivability Time Objective (STO)—the maximum period an organisation can remain functional after a cyber breach.
With countries like the UK moving to ban ransom payments, similar regulations could arrive in Nigeria. “Firms may soon be unable even to pay ransoms,” Helmy says. “Rebuilding from scratch could be the only path forward.”
But rebuilding, let alone surviving, requires human capital. As Nigeria’s digital economy grows, so does its exposure. Without a national effort to train, retain, and empower cybersecurity talent, experts warn the country may find itself defenceless against the next generation of cyber threats.
“Nigeria doesn’t lack talent,” Faiga reminds. “What we lack is the long-term vision and commitment to keep it.”
