Nigeria is navigating a worrying rise in cyberthreats, with Kaspersky’s data revealing that nearly 6.5 million attack attempts were thwarted in the first six months of 2025. The steep uptick in incidents—from phishing and spyware to password-stealing malware—underscores the urgency confronting government institutions, businesses, and everyday Nigerians alike.
Table of Contents
Unpacking the Numbers: A Closer Look at the Landscape
Kaspersky’s latest figures paint a stark picture:
- Online (web-based) attacks accounted for approximately 1.46 million attempts blocked.
- On-device threats, such as malware hidden on USBs, CDs, or deceptive software installers, numbered around 4.97 million incidents thwarted.
These figures translate to nearly 1 in 5 Nigerians, or 19.9%, experiencing a web-based threat attempt, while 28.6% encountered on-device malware in H1 2025. That’s close to one-third of users, underscoring how pervasive the issue has become.
Compared with H1 2024, there’s been a marked escalation:
- Password-stealing malware surged by 66%.
- Spyware detections climbed by 53%.
- Backdoor infections also grew by 12%.
Interestingly, while overall phishing attempts declined by 52%, those that remained showed a worrying trend: financial-themed phishing (targeting banks, e-shops, payment systems) increased by 46%, with more than 595,000 such detections recorded.
Industrial Risks and Critical Infrastructure Under Siege
Cyber threats in Nigeria aren’t limited to personal devices or corporate networks—they’re actively targeting critical industrial systems.
Kaspersky reports that 26.5% of Industrial Control Systems (ICS) in Nigeria faced blocked attacks in the first half of 2025. Particularly vulnerable sectors include:
- Construction
- ICS engineering and integration
- Power energy
- Biometrics
Nigeria, and indeed Africa, grapples with some of the highest rates of such threats globally.
What’s Fueling the Surge?
According to Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky:
“Every day, more people in Africa and in Nigeria specifically are moving their businesses, banking, and even daily errands online. But with this opportunity comes a challenge. Cybercriminals are also becoming more active, targeting not only big companies and government networks, but also ordinary people, small businesses, and industrial infrastructures we depend on.”
In essence, Nigeria’s rapid digital embrace—with everything from mobile banking to industrial automation—comes paired with growing cyber vulnerability. As access increases, so do opportunities for exploitation.
The Broader Regional Context
Nigeria’s challenge mirrors broader regional trends. Sub-Saharan Africa as a whole saw 42.4 million web attacks and 95.6 million on-device attacks in H1 2025.
Beyond Nigeria, other African nations—such as South Africa, Kenya, Cameroon, and Rwanda—have also experienced sharp increases in web-based threats and phishing activities, driven by expanding internet penetration and digital adoption.
What’s At Stake—and How We Can Respond
The sheer scale of the attacks—from nearly 6.5 million blocked threats to a broadening attack surface—highlights a pressing need for action at every level.
For Individuals and Households
- Be cautious of phishing attempts, especially those masquerading as financial institutions or e-commerce platforms.
- Avoid using untrusted USBs or installing dubious software, even if it seems harmless or beneficial.
- Update devices regularly to patch vulnerabilities and make use of antivirus/anti-spyware protections.
For Small Businesses
- Invest in basic cybersecurity measures—firewalls, antivirus, secure backup systems.
- Train staff to recognise phishing lures and password-stealing scams.
- Audit USB and media policies, especially for devices entering industrial or critical infrastructure zones.
For Corporations and Industrial Operators
- Proactively secure Industrial Control Systems—especially in vital sectors like construction and power.
- Adopt endpoint detection tools, intrusion detection systems, and regular penetration testing.
- Foster incident response protocols—from detection to containment and recovery.
For Policymakers and Regulators
- Roll out nationwide cybersecurity awareness campaigns, targeting both urban and rural populations.
- Offer subsidy incentives or funding channels for businesses to adopt cybersecurity infrastructure.
- Establish legal frameworks requiring critical sectors to comply with cyber-resilience standards.
Looking Ahead: GITEX Nigeria and Cyberfront Progress
Kaspersky will be taking its findings and insights to GITEX Nigeria, scheduled for September 3–4, 2025, in Lagos. There, the cybersecurity firm plans to share practical strategies, deliver hands-on workshops, and guide businesses and individuals in strengthening cyber resilience.
This engagement couldn’t come at a more crucial time. As Nigeria continues to deepen its digital footprint, events like GITEX offer a platform to build awareness, share expertise, and galvanise collective action against an escalating cyber threat landscape.
Conclusion
Summing it up, Nigeria’s experience in the first half of 2025 reflects a digital paradox:
- Increased connectivity and convenience bring real progress—but also significant cyber risks.
- Nearly 6.5 million cyber threats blocked is both a testament to the increasing aggressiveness of attackers and to the importance of robust cybersecurity measures.
- From personal devices to industrial systems, the threat is omnipresent—and so must be our response.
The path forward demands a multi-stakeholder approach—where individuals, businesses, regulators, and tech experts all play their part. Awareness, preparedness, and collaboration will ultimately determine how effectively Nigeria navigates—and secures—its digital future.
Join Our Social Media Channels:
WhatsApp: NaijaEyes
Facebook: NaijaEyes
Twitter: NaijaEyes
Instagram: NaijaEyes
TikTok: NaijaEyes
