Nigerian firms are facing the highest volume of weekly cyberattacks in Africa, with an average of 4,200 attacks per week. This is significantly higher than the continental average of 3,153 and 60% above the global average of 1,963 attacks per organisation, according to the newly released African Perspectives on Cyber Security Report 2025 by Check Point Software Technologies Ltd.
The report highlights that cybercriminals are exploiting exposed identities and misconfigured systems to target critical sectors, including finance, energy, telecoms, and government. Identity-led intrusions, AI-generated phishing campaigns, and multi-vector ransomware are on the rise. Across the continent, key trends have been identified in different markets, with Nigeria experiencing business email compromise and cloud exploitation, while South Africa faces rising ransomware, smishing, and botnet infections.
Kingsley Oseghale, Country Manager for West Africa at Check Point, notes that attackers are increasingly using AI to automate phishing, impersonation, and cloud exploitation. “AI has become part of the attack surface,” Oseghale said. “Attackers are using it to automate phishing and identity theft at scale. The only effective response is prevention-first security that combines visibility, governance, and AI protection.”
The report emphasizes that as AI reshapes operations, cybersecurity must shift from reaction to prediction. Oseghale stresses that the real challenge is not adopting new technology but securing the trust that underpins it. The study highlights five major shifts shaping Africa’s cyber risk in 2025, including the evolution of traditional ransomware into data-leak extortion, AI-generated deception, and identity emerging as the new security perimeter.
Weak cybersecurity can now affect international market access under regulations such as the EU’s NIS2 Directive, making digital resilience an economic necessity. The report urges African businesses and governments to adopt prevention-first security strategies, including continuous risk assessment, regulatory readiness, and public-private collaboration. By prioritizing cybersecurity, organisations can protect themselves against the rising threat of cyberattacks and ensure their continued operations in an increasingly digital economy.
