Nigerian organisations now face the highest number of weekly cyberattacks in Africa, according to the newly released African Perspectives on Cyber Security Report 2025 by Check Point Software Technologies Ltd. The report shows a surge in digital threats across the continent, with Nigeria standing out as the most targeted environment for cybercriminals.
The data paints a troubling picture. Nigerian firms currently endure an average of 4,200 attacks every week—far above Africa’s average of 3,153 and a staggering 60 percent higher than the global average of 1,963 attacks per organisation. This spike reflects a growing wave of AI-driven threats, as attackers increasingly weaponise artificial intelligence to scale their operations and break into systems faster than before.
Kingsley Oseghale, Check Point’s Country Manager for West Africa, explained that attackers no longer rely solely on manual tactics. They now deploy AI to automate phishing schemes, impersonation attempts, and cloud-targeted exploits. He noted that AI itself has become part of the attack landscape, giving cybercriminals dangerous levels of speed, accuracy, and reach. Oseghale believes only prevention-first security—built on visibility, governance, and AI-powered protection—can keep organisations ahead of these threats.
The report shows that cybercriminals are exploiting exposed identities, misconfigured systems, and weak cloud setups across the continent. They are targeting finance, energy, telecoms, government institutions, and other critical sectors with identity-led intrusions, AI-generated phishing, and increasingly sophisticated ransomware attacks.
Each country faces its own patterns of threats. Nigerian organisations currently struggle with business email compromise and cloud exploitation. South Africa is seeing a sharp rise in ransomware, smishing, and botnet infections like Vo1d and XorDDoS. Kenya has had ransomware attacks aimed at its energy infrastructure. Morocco has suffered coordinated attacks on government and education platforms through DDoS campaigns and website defacement.
The report outlines five major shifts reshaping Africa’s cyber risk landscape in 2025. Ransomware has evolved into data-leak extortion campaigns. AI-generated deception has become common. Digital identity has turned into the new frontline of security. Weak cybersecurity can now threaten international market access due to regulations such as the EU’s NIS2 Directive. And digital resilience has moved from a technical requirement to an economic necessity for businesses and governments.
The study calls on African organisations and government bodies to move aggressively toward prevention-driven security models. It urges continuous risk assessment, regulatory compliance, stronger identity protection, and deeper collaboration between the public and private sectors.
Oseghale stressed that as AI transforms business operations across the continent, cybersecurity must also evolve. He said the real challenge is not adopting new digital tools but protecting the trust that makes those tools viable. He warned that without predictive, forward-thinking security, organisations risk falling behind in a rapidly changing threat landscape.
