By Juliet Umeh

Nigeria’s fast-growing digital economy is facing a mounting cybersecurity crisis, with over 4,000 cyberattacks recorded weekly—prompting urgent calls for stronger data protection, local data storage, and stricter regulatory compliance.

The National Commissioner of the Nigeria Data Protection Commission, NDPC, Dr. Vincent Olatunji, who disclosed this at the IoT West Africa 2026 conference in Lagos, said the scale of attacks highlights critical vulnerabilities that must be addressed to sustain digital growth.

According to him, the challenge is not just the frequency of attacks but the country’s level of preparedness to detect, prevent, and respond effectively.

“In Nigeria, we experience over 4,000 attacks per week. It may interest you to know that even at the NDPC, within one week, we record over 1,500 attempts on our networks. This shows the level of threats we are witnessing in the country,” he said.

Olatunji noted that while Nigeria’s digital economy is expanding rapidly—driven by fintech, e-commerce, cloud services and connected devices—this growth has also widened the attack surface for cybercriminals.

Globally, the digital economy now contributes over $20 trillion, about 20 percent of global GDP, while Nigeria’s own digital sector contributes over $18.3 billion, underscoring its strategic importance.

However, he warned that without strong safeguards, the same technologies powering growth could expose the country to financial losses, data breaches, and reputational damage.

To tackle this, the NDPC is advocating a multi-pronged approach, beginning with stronger data governance and enforcement of compliance across the ecosystem.

A major concern, he said, is Nigeria’s overreliance on foreign data infrastructure, with more than 90 percent of locally generated data stored outside the country—raising issues around control, cost, and national security.

“This raises concerns about security, cost, control, and regulatory enforcement. We must take deliberate steps to ensure that data generated within Nigeria is stored and processed locally to guarantee digital sovereignty,” he said.

Olatunji emphasised that data centres and organisations handling data must recognise their responsibilities under the law, noting that storage itself qualifies as data processing and is subject to regulation.

“Many data centre operators believe they are not processing data, but storage itself is part of processing. Therefore, they must comply with data protection laws. There is no escape from compliance,” he said.

He warned that failure to comply could attract stiff penalties, including fines of up to two percent of gross revenue and possible prosecution of chief executives.

Beyond regulation, Olatunji highlighted the need for investment in digital infrastructure, cybersecurity systems, and human capital to build resilience against threats.

He identified artificial intelligence, machine learning, and the Internet of Things as both drivers of innovation and sources of increased risk, given the massive volume of data they generate.

With over 21 billion connected devices globally and billions of terabytes of data generated daily, he said the urgency for robust protection frameworks cannot be overstated.

“Data privacy is critical for safeguarding personal information, building trust, ensuring national security, and enhancing global competitiveness. Without adequate protection, organisations and countries risk losing credibility and opportunities for collaboration,” he added.

Looking ahead, Olatunji projected significant growth in Nigeria’s data infrastructure market, which is expected to exceed $1 billion by 2031, driven by rising digital adoption.

He urged stakeholders to implement both technical and organisational safeguards, stressing that trust will be the currency of the digital economy.

“As the digital economy continues to expand, data protection must remain a top priority. It is essential for trust, compliance, national security, and sustainable development,” he said.

For industry players, the message is clear: securing Nigeria’s digital future will require more than growth—it will demand deliberate action to protect the data that powers it.