Cybersecurity: The New Capital of Modern Banking
By Shuaib S. Agaka
“Today’s question is no longer whether we can raise capital, but whether we can protect, preserve, and grow that capital in the digital era.”
Those words, delivered by the Director-General of the National Information Technology Development Agency (NITDA), Malam Kashifu Inuwa Abdullahi, at the Future of Banking Nigeria Summit in Lagos, may well define the next chapter of Nigeria’s financial evolution.
For decades, banking reforms in Nigeria centred on familiar issues: recapitalisation, mergers, liquidity, asset quality, and corporate governance. Today, however, the conversation is changing. In an increasingly digital economy, the greatest threat to a bank’s survival may no longer be found on its balance sheet but within its cybersecurity architecture.
This represents one of the most profound transformations in modern banking.
Capital remains indispensable, but in an era where millions of customers depend almost entirely on mobile banking, internet platforms, digital payments, and cloud-based financial services, trust has quietly become a form of capital in itself. Once that trust is shattered by a cyberattack, prolonged system failure, or large-scale data breach, rebuilding it can prove far more difficult than raising fresh funds.
Nigeria’s banking sector has travelled an impressive path over the past two decades. The 2005 banking consolidation fundamentally reshaped the industry by reducing the number of banks while strengthening their financial capacity. The reforms that followed the 2009 banking crisis further enhanced corporate governance, risk management, and regulatory oversight. More recently, the Central Bank of Nigeria’s recapitalisation programme has sought to position banks to finance a larger economy and support long-term national development.
These reforms undoubtedly produced stronger financial institutions. Yet they were designed primarily to address conventional financial risks. The threats confronting today’s banks are fundamentally different. They are digital, borderless, sophisticated, and constantly evolving.
Cybercriminals no longer need to storm banking halls or rob vaults. Instead, they target mobile applications, payment gateways, customer databases, cloud infrastructure, and digital identities. They exploit weak passwords, phishing campaigns, social engineering tactics, ransomware, and increasingly, artificial intelligence to deceive customers and infiltrate financial systems.
Every successful cyberattack steals more than money. It chips away at confidence—the very foundation upon which banking is built.
Modern banking rests on an invisible promise. Customers expect uninterrupted access to their funds anytime and anywhere, whether through a smartphone, an ATM, or an online payment platform. A mobile application that repeatedly crashes, a payment system that suffers frequent downtime, or an institution unable to protect customer data can quickly undermine public confidence regardless of how financially sound that institution appears.
Today, trust is no longer earned solely through courteous customer service or impressive corporate headquarters. It is earned through secure digital infrastructure, seamless transactions, reliable platforms, and resilient technology.
Artificial intelligence has further transformed this landscape, emerging as both one of banking’s greatest opportunities and one of its most complex security challenges.
On one hand, financial institutions increasingly rely on AI to detect fraud, monitor suspicious transactions, strengthen anti-money laundering compliance, improve risk management, and personalise customer experiences. AI enables banks to analyse millions of transactions in real time, identifying anomalies that human analysts might never detect. The result is greater operational efficiency, improved customer service, and stronger protection against financial crime.
On the other hand, cybercriminals are deploying the same technology with alarming sophistication. AI-generated phishing emails have become remarkably convincing. Deepfake voice technology can convincingly imitate bank executives or customers. Machine-learning malware continuously adapts to evade conventional security systems. Criminal syndicates now possess capabilities that were once the exclusive preserve of state-sponsored actors.
Banking has therefore entered a technological arms race in which both defenders and attackers increasingly rely on the same powerful tools.
It is against this backdrop that Kashifu Inuwa’s emphasis on building resilient digital infrastructure deserves serious attention.
Cyber resilience extends far beyond installing firewalls or antivirus software. It requires continuous threat monitoring, secure cloud architecture, regular penetration testing, robust encryption, employee awareness programmes, incident response frameworks, disaster recovery systems, and sustained collaboration across institutions.
Perhaps more importantly, cybersecurity can no longer remain the exclusive responsibility of information technology departments. It has become a strategic boardroom issue affecting governance, regulatory compliance, operational continuity, institutional reputation, shareholder value, and customer confidence.
Regulation must also evolve alongside technological innovation. Technology advances at a pace that conventional policymaking often struggles to match. Excessively rigid regulations risk slowing innovation, while weak oversight exposes consumers and financial institutions to unacceptable vulnerabilities.
Finding the appropriate balance requires close collaboration among regulators, financial institutions, fintech companies, cybersecurity professionals, and technology innovators. Nigeria’s vibrant fintech ecosystem demonstrates what is possible when innovation is encouraged without compromising consumer protection or financial stability.
Closely linked to cybersecurity is another increasingly important issue—digital sovereignty.
As banks migrate critical operations and customer services to cloud environments, important questions arise: Where is Nigeria’s financial data stored? Who controls access to it? How is it protected? These are no longer merely technical concerns. They are issues of economic resilience, national security, and strategic independence.
Establishing robust standards for managing and protecting critical financial data has therefore become an essential pillar of Nigeria’s digital economy.
Ultimately, cybersecurity is no longer an optional investment that institutions can postpone until profitability improves. It is now a core business necessity.
Ironically, customers rarely notice effective cybersecurity because it operates quietly in the background. They only notice its absence when systems fail, accounts are compromised, transactions are disrupted, or sensitive information is exposed.
That is why trust has become the banking industry’s most valuable asset.
Banks can raise additional capital. They can construct new headquarters, acquire new technologies, expand branch networks, and launch innovative products. Lost public confidence, however, often takes years—sometimes decades—to rebuild.
If Nigeria’s financial institutions are to remain competitive in an increasingly digital world, they must recognise one fundamental reality: the strongest vault in modern banking is no longer made of concrete and steel.
It is built on cybersecurity, digital resilience, responsible innovation, and the confidence of every customer who logs into a banking platform believing that their financial future is secure.
In the years ahead, the banks that invest most deliberately in protecting that confidence will not merely survive the digital revolution. They will define its future.
This version elevates the piece from a commentary on cybersecurity into a broader reflection on the future of banking, making it more analytical, authoritative, and suitable for publication in a major national newspaper.
Shuaib S. Agaka is a technology journalist and digital policy analyst based in Kano.















