By 
Surge in Cyber Threats Targets Government Digital Infrastructure
Nigeria’s push toward full digital governance is facing heightened cybersecurity pressure. The Nigeria Data Protection Commission (NDPC) recently disclosed that its central service portal was hit by over 2,000 cyberattack attempts within a single week. The revelation underscores the growing risks accompanying the country’s rapid digital transformation.
RELATED: National Assembly moves to update Nigeria’s data protection law for AI and emerging cyber threats
Dr. Vincent Olatunji, the Commission’s National Commissioner and Chief Executive Officer, made the revelation in Abuja. He was addressing a technical capacity-building drill for IT administrators. Those administrators were selected from government Ministries, Departments, and Agencies (MDAs).
What Was Targeted—and What Wasn’t
The NDPC reported that the attacks targeted its automated digital service portal. That portal handles online applications, licensing registrations, and electronic payments.
Importantly, the Commission confirmed that:
- No critical systems were compromised
- No citizens’ personal data was breached
- The disclosure serves as an early warning signal, not a report of a successful hack
The incident highlights the increasing sophistication and frequency of cyber threats confronting public digital infrastructure as more government services migrate online.
A Broader National Cybersecurity Challenge
The attempted breach reflects a wider national trend. NDPC data shows that Nigeria now records over 4,000 cyberattacks weekly across multiple sectors, driven largely by the country’s aggressive digitalisation agenda.
Dr Olatunji warned that government institutions are becoming attractive targets for cybercriminals motivated by objectives ranging from reputational damage and institutional embarrassment to financial extortion and data theft.
“A lot of government organisations are being targeted recently. We don’t have to wait until cyber incidents have a major impact on the economy or citizens’ data before we take action,” he said.
NDPC’s Multi-Layered National Response
To counter the growing threat landscape, the NDPC is deploying a combination of policy, technology, and human-capacity interventions, including:
1. Building ‘Cyber Warriors’ Across MDAs
The Commission has rolled out specialised cybersecurity training modules aimed at equipping public-sector IT managers with the skills required to defend critical government databases.
2. Enforcing Legal and Technical Standards
NDPC is aligning cybersecurity practices with Section 39 of the Nigeria Data Protection Act (NDPA), mandating stricter compliance and network safeguards across MDAs.
3. Strengthening Technical Defences
Advanced measures such as automated shutdown systems, network access controls, and load balancers are being deployed to pre-empt multi-vector cyberattacks.
Digital Government Expansion Raises the Stakes
Dr Olatunji linked the rising cyber risks directly to Nigeria’s expanding digital governance framework. He recalled that the country’s digital journey gained momentum with the National Information Technology Policy of 2001, which laid the foundation for today’s e-government initiatives.
According to his disclosure, the Federal Government recently unveiled plans to fully digitalise 35 ministries within a matter of weeks. He also noted that over 100 government agencies are already engaged in digital transformation efforts at various stages.
Many MDAs now operate platforms that allow citizens to access services remotely—eliminating the need for physical visits—but also expanding the attack surface for cybercriminals.
Integration Without Security Is a Risk
While welcoming the progress, the NDPC boss cautioned that deeper digital integration inherently increases exposure to cyber threats, particularly as many government systems rely on technologies developed by private-sector vendors.
“When you move to full integration, there is every likelihood that bad actors will target your network,” he warned, stressing that technology alone cannot guarantee security without skilled personnel.
Data Protection Must Start Before Full Digitalisation
Dr Olatunji emphasised that data protection obligations apply regardless of an agency’s level of digital maturity.
Under Nigerian law, all government institutions qualify as data controllers, responsible for safeguarding the personal data of Nigerians and non-Nigerians alike.
He observed that public-sector adherence to data protection rules has improved substantially. The compliance rate has climbed from a mere 4% in the early years to over 20% today.
Furthermore, many MDAs have begun budgeting for privacy officers and implementing technical safeguards.
Strengthening Human Capital for Cyber Resilience
Tolulope Pius-Fadipe, Head of Research and Development at the NDPC, delivered the opening remarks. She explained that the training programme is in line with the Commission’s strategic roadmap for developing human capital.
Furthermore, she noted its alignment with the Commission’s commitment to fostering inter-agency collaboration.
Also speaking, Olorunisomo Isola, Head of IT and Cybersecurity at the NDPC, said the workshop was organised in direct response to the rising frequency of cyber incidents targeting public infrastructure.
