By Juliet Umeh

Nigeria’s shift to digital tax administration could expose the country to serious revenue, data and trust risks if cybersecurity is not embedded at the core of implementation, Toluwani Akinniyi, a cybersecurity leader and Governance, Risk Management and Compliance expert, has warned.

The warning comes as Nigeria prepares to implement sweeping tax reforms from January 1, 2026, anchored by the Nigeria Tax Act 2025, which consolidates existing tax laws and seeks to modernise revenue collection.

Akinniyi said that as taxation becomes increasingly digital, cyber risk becomes systemic, turning tax platforms into critical national infrastructure comparable to banking and telecommunications systems.

“A modern tax system is no longer just a policy tool. It is critical to national infrastructure,” he said. “If it is not governed and secured with the same seriousness as financial or telecom networks, the consequences extend beyond data breaches to revenue integrity, public trust and national economic stability.”

According to him, digital tax platforms aggregate some of the most sensitive data in the country, including national identity information, financial records, payroll data, corporate disclosures and cross-border transaction details, making them prime targets for cybercriminals, organised fraud networks and insider abuse.

“A successful cyberattack on a tax system is not merely an IT incident,” Akinniyi said. “It can enable revenue leakage, manipulation of taxpayer records, fraudulent refunds, mass identity theft and prolonged service outages.”

He noted that such incidents also undermine confidence in the government’s ability to safeguard citizen data and manage public finances, with long-term implications for compliance and investor confidence.

Akinniyi warned that as Nigeria’s tax authority deepens digital integrations with banks, fintech companies, payroll providers and cloud platforms, efficiency improves but exposure increases.

“Each additional system connection expands the attack surface,” he said, adding that weakly secured application programming interfaces (APIs), poor access controls, cloud misconfigurations and inadequate vendor oversight could become single points of failure.

He also cautioned that cyber risks must now be treated as revenue risks, noting that compromised systems can enable unauthorised record changes, insider fraud and extended downtime that disrupts government cash flow and are often difficult to detect.

Despite the growing dependence on digital public infrastructure, Akinniyi said cybersecurity governance across government platforms remains uneven, with cyber risk still treated largely as a technical issue rather than a governance and executive responsibility.

“For a digital tax system of national importance, that approach is insufficient,” he said, calling for cybersecurity to be embedded into tax policy design, system architecture, vendor selection and operational oversight, and audited with the same rigour as financial controls.

He added that the interdependence between tax systems and sectors such as banking, fintech, telecommunications and cloud services means a cyber incident in one area could quickly escalate into a broader national disruption.

“At its core, digital tax compliance depends on trust,” Akinniyi said. “If taxpayers fear fraud or identity theft, voluntary compliance will decline. Once trust is lost, rebuilding it is slow and costly.”

Institutionally, the reforms replace the Federal Inland Revenue Service with the Nigeria Revenue Service, which has broader authority over federal tax collection and administration.

A key pillar of the reforms is digital tax collection, with the NRS digitising registration, filing and payment processes by linking Tax Identification Numbers to bank accounts and national identity systems. The move is intended to improve efficiency, reduce leakages and support real-time compliance, although authorities acknowledge that early rollout may face capacity and system-integration challenges.

As Nigeria moves toward full implementation of the reforms, Akinniyi said their success will depend not only on how efficiently digital systems are deployed, but on how securely they are governed.

“A tax system that is efficient but insecure is not modern,” he said. “It is vulnerable.”