By Stella Odueme
The Cyber Security Experts Association of Nigeria (CSEAN), an umbrella body of all cyber security professionals in Nigeria has highlighted factors that will contribute to cyber security threats to Nigeria in 2025.
This report forecasts a dynamic and challenging 2025 for Nigerian cybersecurity, stressing that AI-powered attacks, including deepfakes, will intensify, while misinformation campasigns will continue to manipulate public opinion.
It said while ransomware attacks may decline, crypto scams, government benefit scams, and data breaches are expected to surge. Unfortunately, it notes that the “Japa” of skilled IT professionals will strain the sector, exacerbated by weak enforcement of the Cybercrime Act while insider threats, the exploitation of unlinked FinTech accounts, and the persistent threat of APTs and credential-stealing malware will further complicate the landscape.
The group in a 21-page report titled ‘Nigeria Cyber Threat Forecast 2025’ made available to Daily Independent in Abuja, highlights an urgent need for stakeholders across government, private sector, and civil society to address the growing complexities of Nigeria’s cybersecurity challenge.
This comprehensive report details the persistent and emerging threats expected to shape the digital environment in 2025, emphasizing the pressing need for strategic actions to mitigate risks and foster resilience. The forecast said to be drawn from surveys, open-source intelligence, cyber threat reports, and incident analyses, examining the interplay of economic conditions, growing digitization, and the shortage of cybersecurity Professionals underscore the vulnerabilities Nigeria faces in safeguarding its digital ecosystem.
The report. co-authored by Oluwafemi Osho, John Odumesi, Jonathan Ayodele, Polra Victor Falade, Hamzat Lateef and Olajumoke Oloyede, who are members of the Directorate of Research and Development at CSEAN points to malicious actors becoming more resourceful and deploying increasingly advanced tactics and tools to undermine cybersecurity. It stressed that Nigeria must brace itself for a challenging 2025 as these threat actors pose a significant challenge to even the world’s most experienced cybersecurity defenders, making it critical for Nigeria’s stakeholders to anticipate emerging risks and implement robust protective measures.
It recalled that the 2024 cyber threat landscape in Nigeria had mirrored global trends, marked by increasingly sophisticated attacks. From ransomware incidents targeting critical infrastructure to the pervasive use of AI-driven scams and misinformationcampaigns, Nigeria faced significant cybersecurity challenges. Individuals, businesses, and institutions alike endured a series of security breaches and sophisticated scams that permeated various digital platforms.
The report therefore warns that 2025 is likely to witness a further escalation of these threats as malicious actors refine their tools and tactics.
Some key threats identified are that while misinformation and disinformation will continue to be potent tools for cyber-influence operations, enabling malicious actors to manipulate public perception and sway decision-making across various platforms, there is likely to be a decline in ransomware attacks due to increased global law enforcement efforts and improved organizational defences, the threat remains. It also says Nigerians should expect a surge in cryptocurrency scams driven by rising crypto prices, warning that inexperienced investors will be targeted through social media scams, Ponzi schemes, and fake cryptocurrency exchanges.
Other threats are that government-benefit scams are expected to increase, exploiting economic vulnerabilities just as phishing messages and fake social media posts will be used to steal personal information; data breaches in Nigeria are expected to continue, advocating strengthening regulatory frameworks and public education are crucial to mitigating these risks.
Unfortunately, it noted that emigration of skilled IT and cybersecurity professionals will continue, straining Nigeria’s digital ecosystem and stressed that creating a more supportive work environment is essential, especially as the weak enforcement of the amended Nigeria Cybercrime Act 2024 remains a significant hurdle. Investment in advanced investigation tools and strengthened legal frameworks are needed.
The report warned that cybercriminals will continue to exploit unlinked FinTech accounts for money laundering and illicit transactions while insider threats within Nigerian organizations, particularly in the financial sector, are expected to remain a pressing concern. It equally warned of Advanced Persistent Threats (APTs) posing a significant but under-recognized threat and urged that organisations and institutions must take proactive measures, such as routine system updates and security audits, to guard against these persistent attacks.Credential and information-stealer malware will remain a threat in 2025, the report maintains.
As Nigeria braces for an increasingly complex cyber threat landscape in 2025, the report identified targeted recommendations for various stakeholders to enhance cybersecurity resilience.
For individuals, adopting robust digital hygiene practices such as enabling multifactor authentication and avoiding unverified links is crucial, alongside promptly reporting suspicious activities. Businesses are encouraged to invest in AI-driven threat detection systems and provide continuous employee training to mitigate insider threats. Policymakers should focus on enhancing the enforcement of the Nigeria Cybercrime Act 2024 by allocating better resources and fostering international collaboration against transnational cybercrimes.
It says regulators and financial institutions must tighten Know-Your-Customer (KYC) protocols to address vulnerabilities in unlinked FinTech accounts, thereby curbing fraud.
“Finally, the nation should prioritize retaining cybersecurity talent by improving economic conditions and creating competitive opportunities for IT professionals. By implementing these strategies, Nigeria can strengthen its defences against the evolving cyber threats anticipated in the coming year.”
Commenting on the report, the President of CSEAN, Mr. Ade Shoyinka, emphasized that the Nigeria Cyber Threat Forecast 2025 serves as a clarion call for stakeholders to embrace a proactive and unified approach to cybersecurity.
“By addressing these challenges head-on, Nigeria can strengthen its digital resilience, safeguard critical infrastructure, and empower its citizens in an increasingly interconnected world. A united approach from individuals, organisations, and policymakers is critical to building a more resilient digital ecosystem.”
