Nigeria’s financial sector must urgently shift from reactive to proactive cybersecurity strategies or risk catastrophic losses, experts warned at the sixth edition of the Financial Institutions Training Centre (FITC) in collaboration with the Nigeria Inter-Bank Settlement System (NIBSS) ThinkNnovation Cybersecurity Conference held recently.

The hybrid conference, themed “Securing Tomorrow: Cyber Resilience, Intelligent Defence, and the Architecture of Trust in a Borderless World,” brought together regulators, policymakers, and cybersecurity professionals to address mounting digital threats facing the nation’s financial ecosystem.

In her opening address, Managing Director/Chief Executive Officer of FITC, Dr Chizor Malize, reaffirmed the Centre’s commitment to building institutional capacity and digital resilience across the financial system. The MD/CEO, represented by the Head of Learning and Development at FITC, Esther Amoye, underscored the conference’s role as a premier thought leadership platform.

“As technology deepens its footprint across our economy, the integrity of digital ecosystems becomes the bedrock of national trust,” Malize stated. “Our collective task is not only to safeguard systems but to safeguard confidence — in the data, in the institutions, and in the future of finance itself.”

Malize noted that FITC, established in 1981 by the Nigerian Bankers’ Committee, is a world-class knowledge organisation providing training, consulting, and research services to the Nigerian financial services sector and beyond, dedicated to building capacity, strengthening governance, and driving innovation across Africa’s financial ecosystem.

“What began as an initiative to spark conversations around emerging threats has now become a defining space for shaping Africa’s voice in the global cybersecurity ecosystem,” she said.

Speaking at the event, Professor Obadare Peter Adewale, Professor of Practice in Cybersecurity, Chief Visionary Officer of Digital Encode Ltd., and Chairman of the ThinkNnovation Conference Advisory Board, painted a stark picture of the current threat landscape, warning that artificial intelligence will amplify existing vulnerabilities if organisations fail to address fundamental security gaps.

“If you don’t spend the money on cybersecurity, you invariably will still spend the money. Before a breach, everybody will be calculating and arguing. Still, when there is a single attack, everybody starts to throw money at cybersecurity,” Obadare stated, criticising what he described as a persistent reactive mindset.

Drawing attention to often-overlooked vulnerabilities, Obadare revealed that internal threats pose greater risks than external actors. “Careless employees and malicious employees are even more than external factors,” he said, urging organisations to address human factors alongside technological defences.

“Technology doesn’t create vulnerability — people do. True defence lies in continuous awareness, ethical intelligence, and institutional discipline,” he asserted.

The professor cited recent high-profile breaches at global technology giants to illustrate that even the most sophisticated organisations are not immune. He referenced a leak at NVIDIA, the world’s largest AI infrastructure provider, caused by improper patch management, and a Microsoft Co-Pilot echo leak, as well as security failures at DeepSeek and ChatGPT.

“On the very day DeepSeek was launched, their entire database was exposed on the internet – chat histories, API keys, backend operational details, system logs, user prompts, everything,” Obadare disclosed, adding that ChatGPT suffered a data breach affecting over 1.2 million subscribers due to vulnerabilities in open-source components.

He criticised what he observed as non-functional Security Operations Centres across the sector. “In the last year, visits to SOC centres showed they are not working. For compliance and regulation, everybody is telling you they have SOC, but they are not working,” Obadare stated bluntly.

The expert emphasised that effective cybersecurity requires balancing protection activities with sustainable operations. “Resilience is about balancing between protection activities and sustainable activities. When one cheats the other, there will be a problem,” he said.

Director of the Compliance Department at the Central Bank of Nigeria (CBN), Olubunmi Ayodele-Oni, representing the Deputy Governor for Financial System Stability at the CBN, Philip Ikeazor, outlined robust regulatory measures being implemented to strengthen the sector’s cyber defences.

The director announced that the CBN had restructured its oversight approach, consolidating supervision of cybersecurity, data protection, and third-party management within a single supervisory structure to ensure consistency across all regulated entities.

“As the boundaries between financial institutions, fintechs, and consumers blur, our focus is on building regulatory frameworks that are agile, risk-based, and innovation-friendly,” he said. “Cyber resilience must move beyond compliance — it must become culture.”

The central bank official emphasised that “we are only as strong as the weakest link” adding that “some non-bank regulated entities pose more cyber risk to our financial system than some banks. Thus, it is only right that more resources are dedicated to supervising such entities.”

The Executive Chairman of the Economic and Financial Crimes Commission (EFCC), Olanipekun Olukoyede, represented by the Head of Public Affairs, Lagos Directorate 1, Deputy Commander Ayo Oyewole, revealed that the commission’s aggressive pursuit of cybercriminals has resulted in significant recoveries.

“We have deconstructed quite a number of organised cybercrime networks, leading to billions in stolen assets recovered and increased prosecution of crimes used for fraud,” Oyewole stated.

He announced the establishment of a Cyber Rapid Response Centre equipped with technology-enabled tools and digital forensic capabilities operating 24 hours a day, seven days a week. The commission maintains real-time collaboration with NIBSS, CBN, the Nigerian Communications Commission, and global financial institutions to track cross-border illicit financial flows.

“Cybercrime has evolved from mere opportunistic fraud to a global criminal enterprise that is ‘sophisticated, syndicated, and systematically dangerous,’ Oyewole warned.” It threatens our financial system, national security, democratic institutions, and most importantly, the public trust architecture.”

Chief Information Security Officer at NIBSS, Olusola Odediran, representing the Managing Director, Premier Oiwoh, stressed that cyber resilience has become foundational to national security and economic stability.

“Cybersecurity is no longer an auxiliary function — it is the trust infrastructure upon which digital finance is built,” Odediran said, reaffirming NIBSS’s commitment to advancing secure digital payments infrastructure.