Nigeria’s expanding digital ecosystem is facing growing exposure to cyberattacks, infrastructure vulnerabilities, financial fraud and other emerging security threats, with industry leaders warning that weak institutional coordination and reactive response systems are deepening risks across critical sectors of the economy.
‎
The warning came at the inaugural Enterprise Security Risk Management Conference organised by the Association of Enterprise Risk Management Professionals (AERMP), where experts said rising dependence on digital infrastructure across banking, telecommunications, healthcare, governance and enterprise operations was increasing institutional vulnerability and exposing organisations to increasingly interconnected security risks.
‎
Speaking at the conference, themed: “Repositioning Enterprise Security Risk Management in an Evolving Global Threat Landscape: A Multi-Stakeholder Imperative,” Chairman of the occasion and Chief Executive Officer of Advantec Marine Services, Bolanle Ati-John (Rtd), said Nigeria’s evolving threat landscape now extends beyond conventional security concerns to include cybercrime, fraud, infrastructure vandalism, supply chain disruption, disinformation, economic shocks and institutional trust deficits.
‎
According to him, risks confronting institutions were no longer isolated or predictable, warning that attacks on critical systems could quickly spread across multiple sectors with wider economic and national consequences.
‎
“A cyberattack on a bank is not merely an IT problem. It can become a financial stability problem. An attack on a transport corridor is not merely a logistics problem. It can become a full security problem as well,” he said.
‎
Ati-John stressed the need for anticipatory systems, intelligence sharing and coordinated response mechanisms as threats increasingly migrate across physical, digital and operational environments.
‎
In a speech delivered on behalf of the Executive Vice Chairman of the Nigerian Communications Commission (NCC), Dr Aminu Maida, the commission warned that Nigeria’s growing dependence on digital infrastructure was increasing exposure to cyberattacks, telecom infrastructure vandalism, financial fraud and operational disruptions across critical sectors.
‎
The NCC disclosed that more than 27,000 fibre cuts and over 4,000 cyberattacks were recorded in 2025 across banking, telecommunications, healthcare and government institutions, warning that AI-powered attacks, ransomware-as-a-service and data breaches were increasing the sophistication of cyber threats confronting organisations and businesses.
‎
According to the commission, nearly 90 per cent of Nigeria’s data remains hosted outside Africa, creating significant data sovereignty risks as the country’s dependence on interconnected digital systems continues to expand.
The NCC also warned that the expansion of 5G, artificial intelligence and smart technologies would continue to widen Nigeria’s attack surface without stronger security governance and operational resilience measures.
‎
It said the commission had introduced a Cyber Resilience Framework for the communications sector to strengthen threat detection, incident response and risk management, while intensifying collaboration with security agencies and operators to protect telecommunications infrastructure designated as Critical National Information Infrastructure.
‎
The commission said its Cyber Resilience Framework for the Nigerian Communications Sector would mandate critical incident reporting, operational resilience measures and stronger risk management systems across licensed operators beginning from February 2027.
‎
NCC also said boards within the telecommunications industry were now expected to define risk appetite and strengthen internal risk management and audit systems to improve accountability and compliance.
‎
Chief Information Security Officer of Quest Merchant Bank, Maji Alamogu, warned that cyber risks had evolved beyond technical and IT concerns into major enterprise threats capable of disrupting operations, exposing customer data and threatening institutional survival.
‎
According to her, the growing dependence on digital systems had increased organisational exposure to ransomware attacks, third-party supply chain vulnerabilities, AI-driven threats and operational disruptions across sectors.
‎
“It is no longer for the CISOs or heads of IT alone. It is now a concern for the board,” she said.
‎
Alamogu stressed that security management must move beyond reactive IT structures to enterprise-wide governance systems integrating cybersecurity, operational resilience, data protection, compliance and risk management into strategic decision-making.
‎
Also speaking, Director of Halogen Security Risk Advisory and Consulting, Dr Adewale Adeagbo, said the growing complexity of insecurity was increasing operational and economic vulnerability for businesses, institutions and citizens across the country.
‎
According to him, security threats were becoming increasingly dynamic, interconnected and less predictable, requiring organisations and governments to adopt more proactive and strategic risk management systems.
‎
Representing former Ogun State governor and Chairman of the Senate Committee on Navy, Gbenga Daniel, Dr Babatunde Onadeko, warned that increasingly interconnected security threats were exposing weaknesses in institutional coordination and enterprise risk management systems.
‎
“One attack, multiple victims, and yet no single ownership of the risk,” he said, warning that “risk travels faster than responsibility” in today’s interconnected environment.
‎
Onadeko stressed the need for governance-driven and multi-stakeholder security frameworks capable of improving coordination, intelligence sharing, institutional resilience and proactive response systems across sectors.
‎
Director-General of the Association of Enterprise Risk Management Professionals, Dr Olayinka Odutola, also called for more holistic and anticipatory approaches to security management, warning that many institutions still respond to threats reactively rather than proactively.
‎
“We must be intentional. We must be anticipatory. We must be holistic, serious and focused,” he said, adding that enterprise risk management provides institutions with a framework to identify vulnerabilities early, improve preparedness and strengthen coordinated response systems across sectors.