Check Point’s 2025 Cybersecurity Outlook shows Nigerian organisations hit by 4,200 attacks weekly, driven by AI-powered phishing, identity breaches, and cloud exploitation
Nigerian businesses are now the most targeted on the continent, facing an average of 4,200 cyberattacks every week, far above Africa’s average of 3,153 and roughly 60 per cent higher than the global average of 1,963 weekly attacks per organisation.
This is according to the newly released African Perspectives on Cyber Security Report 2025 by Check Point Software Technologies, a global cybersecurity and threat-intelligence company. The report paints a concerning picture of Nigeria’s digital landscape, revealing that cybercriminals are increasingly exploiting exposed identities, misconfigured cloud systems, and weak security controls across high-value sectors such as finance, energy, telecommunications, and government.
Check Point’s findings show a sharp rise in identity-led breaches, AI-generated phishing campaigns, and complex multi-vector ransomware attacks targeting Nigerian organisations.
Across the continent, threat patterns vary by country. Nigeria is grappling with a surge in business email compromise (BEC) schemes and cloud intrusion attempts. South Africa is battling escalating ransomware infections, smishing campaigns, and botnets such as Vo1d and XorDDoS. Kenya has seen ransomware aimed at critical energy infrastructure, while Morocco has suffered coordinated attacks on government and education platforms through DDoS disruptions and website defacements.
The Country Manager for West Africa at Check Point, Kingsley Oseghale, warned that the rapid adoption of artificial intelligence has become a double-edged sword for African businesses.
“AI has become part of the attack surface,” he said. “Attackers are using it to automate phishing, impersonation, and cloud exploitation at scale. The only effective response is prevention-first security that combines visibility, governance and AI protection.”
Oseghale stressed that cybersecurity must evolve from reactive defence to predictive protection as organisations increasingly integrate AI into their operations.
“The real challenge is not adopting new technology but securing the trust that underpins it,” he said.
The report identifies five major shifts reshaping Africa’s cyber-risk environment for 2025:
- conventional ransomware has morphed into data-leak extortion;
- AI-powered deception is becoming mainstream;
- identity has replaced the network edge as the new security perimeter;
- attackers are exploiting automation at scale;
- and regulatory pressure is now tied to global market access.
According to Check Point, poor cybersecurity practices could soon limit African organisations’ ability to trade internationally, particularly under frameworks such as the EU’s NIS2 Directive, which demands stricter digital resilience.
The study urges African businesses and governments to prioritise prevention-first security models that include continuous risk assessment, regulatory compliance readiness, and stronger public-private collaboration.
About the Author
