Nigeria's drive to digitize public services is increasingly exposing government institutions to cyber threats, with the Nigeria Data Protection Commission (NDPC) revealing that hackers launched more than 2,000 attacks on its portal, leading to a temporary network shutdown.
Vincent Olatunji, national commissioner and CEO of the NDPC, stated that these attacks underscore the growing vulnerabilities in the country's digital ecosystem as ministries, departments, and agencies (MDAs) accelerate the adoption of online platforms.
Cybercriminals are increasingly targeting government institutions for financial extortion, service disruption, and to undermine public confidence. Olatunji noted that while no major impact on the economy or citizens' data has been observed yet, proactive measures are necessary.
The disclosure coincides with the Federal Government's intensified efforts to deepen e-governance and expand digital service delivery. Nigeria's digitalization drive, initiated with the National Information Technology Policy in 2001, aims for seamless interaction between citizens, businesses, and government agencies.
Plans are in motion to fully digitalize 35 ministries within weeks, with over 100 government agencies already engaged in digital transformation initiatives. Many MDAs have deployed platforms for remote service access, reducing the need for physical visits.
However, Olatunji warned that greater integration of government systems expands the attack surface for cybercriminals. He emphasized that strengthening cybersecurity capabilities must be a critical component of Nigeria's digital transformation agenda, calling for the development of skilled cybersecurity professionals.
The NDPC's capacity-building initiatives support its strategic roadmap, focusing on human capital development, technology ecosystem growth, and inter-agency collaboration. Olatunji observed varying levels of e-governance maturity across MDAs, stressing that data protection measures should be embedded from the outset.
Government institutions, as data controllers under the Nigeria Data Protection Act (NDPA), are responsible for securing personal information. Olatunji urged MDAs to implement required technical and organizational safeguards for databases, digital platforms, and critical information assets, stating that technology alone is insufficient without skilled personnel.
Data privacy compliance across the public sector has improved, rising from approximately 4% to over 20%. Many government institutions are now allocating budgets for privacy and data protection programs, including appointing data protection officers and deploying security controls.
The NDPC has expanded its certification programs and training initiatives through its National Privacy Academy to further strengthen compliance. The commission plans to extend these programs to permanent secretaries and senior government officials to enhance understanding of data protection obligations.
Tolulope Pius-Fadipe, head of research and development at the NDPC, stated that the initiative aims to build a resilient data protection framework across government institutions, improving responsible data management practices and enhancing the protection of sensitive government information.
Olorunisomo Isola, head of information technology and cybersecurity at the NDPC, noted that the training program addresses rising cyber incidents targeting public infrastructure. Participants will receive practical training on governance, risk, compliance, data protection impact assessments, encryption, cloud security, database security, and cyber incident response.
The program is expected to yield implementation plans to help government institutions strengthen data protection governance, reduce cyber risks, and improve NDPA compliance. For policymakers, the attacks highlight the challenge of matching e-governance expansion with investments in cybersecurity capacity, data protection, and institutional resilience.
