Nigerian organisations are now facing the highest weekly cyberattack rates in Africa, according to Check Point Software Technologies’ newly released African Perspectives on Cyber Security Report 2025.
The report shows that Nigerian firms are hit by an average of 4,200 attacks per week—well above the African average of 3,153 and 60% higher than the global average of 1,963 per organisation. The findings underscore a sharp surge in cyber threats across the continent, fuelled largely by AI-driven attacks.
Check Point’s Country Manager for West Africa, Kingsley Oseghale, said attackers are increasingly leveraging AI to automate phishing schemes, impersonate trusted entities, and exploit vulnerabilities in cloud environments.
“AI has become part of the attack surface,” Oseghale said. “Attackers are using it to automate phishing and identity theft at scale. The only effective response is prevention-first security that combines visibility, governance, and AI protection.”
The report warns that cybercriminals are exploiting exposed identities and poorly configured systems to hit key sectors such as finance, energy, telecoms, and government.
It adds that identity-driven intrusions, AI-generated phishing, and multi-vector ransomware attacks are increasing sharply.
Across Africa, Check Point highlighted distinct threat patterns in major markets. Nigeria is grappling with business email compromise and cloud exploitation; South Africa is seeing a surge in ransomware, smishing, and botnet infections like Vo1d and XorDDoS; Kenya has faced ransomware attacks on key energy infrastructure; while Morocco has recorded coordinated disruptions in the government and education sectors through DDoS assaults and website defacements.
The report identifies five major shifts reshaping Africa’s cyber risk landscape in 2025. Traditional ransomware has morphed into data-leak extortion schemes, AI-driven deception is becoming pervasive, and identity is now the new security perimeter. It further warns that weak cybersecurity can jeopardise international market access under rules such as the EU’s NIS2 Directive, making digital resilience an economic imperative.
The study calls on African businesses and governments to adopt a prevention-first approach to cybersecurity, emphasising continuous risk assessment, regulatory preparedness, and stronger public-private collaboration.
