Nigeria is facing a growing wave of cyberattacks powered by artificial intelligence, according to new findings from Deloitte, highlighting a digital arms race between hackers and businesses racing to protect their networks.

In 2024, the country witnessed a sharp increase in cyberattacks, driven in part by Nigerian cybercriminals leveraging AI tools to enhance the scale and sophistication of their tactics. From generating malicious code to identifying system vulnerabilities and crafting convincing phishing emails, attackers are using AI to outsmart traditional defences.

A particularly alarming trend is the rise of AI-assisted phishing. Unlike conventional scam emails, these AI-crafted messages are tailored to individuals, making them significantly more effective. A recent study revealed that over 50% of recipients fall for such personalised phishing attempts.

Check Point Security’s Global Threat Index recently ranked Nigeria as the 13th most vulnerable country to cyber threats, prompting renewed calls for action from both public and private sectors.

“Cybersecurity must become a national priority,” said an analyst from South Africa’s Institute for Security Studies. “AI strategies should prioritise human security, transparency, and accountability.”

Experts warn that safeguarding Nigeria’s digital landscape requires a multifaceted response — involving government regulations, organisational best practices, and individual vigilance.

At the policy level, there is growing pressure on governments to develop more robust and adaptive cybersecurity and AI legislation. Meanwhile, individuals are urged to learn how to better protect themselves, especially when interacting with emerging technologies like AI chatbots that store data in the cloud.

For organisations, the emphasis is on smarter device security — from procurement to decommissioning.

According to HP Wolf Security research, only a minority of businesses currently audit the cybersecurity standards of their hardware suppliers. Of those that do, more than one-third have discovered serious shortcomings, with nearly 18% of those failures leading to terminated contracts.

Even within organisations, weak BIOS security practices persist. More than half of IT and security decision makers admit to using inadequate BIOS passwords and rarely updating them, leaving systems vulnerable to firmware-level attacks.

“The firmware is the foundation of any device’s security. If it’s compromised, attackers can gain full control,” said a cybersecurity consultant in Lagos.

Experts also urge companies to rethink their device decommissioning strategies. Many still choose to destroy outdated hardware, a move that generates unnecessary e-waste and clashes with sustainability goals. Secure repurposing or donation of old devices remains underutilised, despite 60% of IT leaders reporting that they have equipment that could be safely reused if secure erasure options were available.

While cybercriminals are weaponising AI, businesses are also deploying AI-powered solutions to stay ahead. Tools like HP’s Sure Click Enterprise use machine learning to detect and contain threats, including zero-day attacks and previously unknown malware. Isolation-based threat containment is emerging as a key strategy, providing an added layer of security.

Some advanced systems also offer self-healing firmware features that can automatically restore a device’s firmware to a safe state after an attempted breach — a vital capability as firmware-level attacks become more common.

With AI technology advancing rapidly, cybersecurity experts warn that the battle against cybercrime will only intensify. The key to success, they say, lies in combining cutting-edge technology with human awareness and accountability.

“Cybercriminals aren’t slowing down, and neither can we,” said one Lagos-based cybersecurity executive. “We need smarter systems, yes — but we also need smarter people behind them.”