NDPC: 4,000 weekly cyberattacks push data localisation,

Nigeria's digital economy is under siege. With over 4,000 cyberattacks recorded each week, the country's tech infrastructure faces a critical vulnerability that threatens both investor confidence and national economic growth. The National Data Protection Commission (NDPC) has sounded the alarm, signalling that Nigeria's current cybersecurity posture is insufficient to protect the continent's second-largest digital market.

The scale of the problem is staggering. At 4,000 attacks weekly, Nigeria experiences roughly 208,000 cyberattacks annually—a rate far exceeding regional averages. These attacks span data breaches, ransomware campaigns, distributed denial-of-service (DDoS) strikes, and targeted exploits against financial institutions, telecommunications firms, and government databases. The financial toll is substantial: each major breach costs organisations an average of $3.6 million in remediation, system downtime, and reputational damage, according to global cybersecurity benchmarks.

## Why is data localisation becoming mandatory?

Data localisation—requiring companies to store and process citizen data within Nigerian borders—addresses a structural vulnerability. Currently, many Nigerian firms cloud their data on US or European servers, creating jurisdiction gaps and latency issues. Localisation keeps sensitive information domestic, reduces cross-border regulatory friction, and gives the Nigerian government direct oversight capability. The NDPC is leveraging this shift to enforce stricter compliance standards aligned with Nigeria's Data Protection Regulation (NDPR), modelled on Europe's GDPR framework.

## What sectors face the highest attack risk?

Financial services remains the primary target. Nigerian banks, fintech startups, and payment processors lose millions annually to credential theft, account takeover, and wire fraud. Telecommunications, oil & gas, and healthcare follow closely, with each sector storing customer PII, operational data, or critical infrastructure configurations. Smaller tech companies and e-commerce platforms—the growth engines of Nigeria's digital economy—often lack enterprise-grade security, making them easy vectors for attackers seeking broader supply-chain infiltration.

The economic implications are multifaceted. Multinational investors scrutinise cybersecurity posture before committing capital. Foreign tech firms expanding into Nigeria now face mandatory data localisation, requiring expensive infrastructure investment. Conversely, this creates a domestic opportunity: local cloud providers, managed security service providers (MSSPs), and compliance consultants are experiencing rapid demand growth.

## How will stricter regulatory compliance reshape the market?

The NDPC is implementing a phased compliance framework requiring organisations to conduct annual security audits, maintain incident response protocols, and report breaches within 72 hours. Non-compliance carries fines up to ₦50 million ($32,500 USD) and potential operational suspension. This burden falls heaviest on small and medium enterprises (SMEs) lacking dedicated security teams, but it also forces industry consolidation—larger, well-capitalised firms absorb compliance costs more easily, gaining competitive advantage.

Nigeria's digital economy—valued at $88 billion in 2023 and growing 12% annually—cannot sustain 4,000 weekly attacks without investor flight. The NDPC's push for localisation and compliance is not just regulatory theatre; it reflects a genuine infrastructure hardening necessity. Companies that embed compliance early, localise strategically, and invest in threat detection will emerge as regional leaders in a more secure digital ecosystem.

---

#