Nigerian organisations are recording the highest weekly volume of cyberattacks in Africa, according to the African Perspectives on Cyber Security Report 2025 released by Check Point Software Technologies Ltd.
The report shows that firms in Nigeria face an average of 4,200 attacks per week, far above the continental average of 3,153 and 60 per cent higher than the global average of 1,963. The data points to a rising wave of cyber threats across the continent, fuelled by artificial intelligence-driven attack methods.
Check Point’s Country Manager for West Africa, Kingsley Oseghale, said threat actors are increasingly turning to AI to automate large-scale phishing, identity theft, and cloud exploitation. He explained that cybercriminals are leveraging exposed identities and misconfigured systems, targeting sectors such as finance, energy, telecommunications, and government. The report also links the rise in identity-led intrusions, AI-generated phishing and multi-vector ransomware to expanding digital footprints across African economies.
Across different markets, the study highlights distinct threat patterns: Nigeria is dealing with business email compromise and intensified cloud exploitation; South Africa is reporting increased ransomware, smishing attacks, and botnet infections like Vo1d and XorDDoS; Kenya has faced ransomware targeting critical energy infrastructure; while Morocco has recorded coordinated disruptions in government and education institutions through DDoS attacks and website defacement. These incidents form part of what the report identifies as five major shifts defining Africa’s cyber-risk landscape in 2025, including the evolution of ransomware into data-leak extortion and the growing role of identity as the primary security perimeter.
The report warns that weak cybersecurity now carries economic implications, as countries risk limitations in international markets under regulations such as the EU’s NIS2 Directive. It urges African organisations to adopt prevention-first security strategies centred on continuous risk assessment, stronger governance and regulatory preparedness. Oseghale added that as AI becomes embedded in business operations, cybersecurity strategies must evolve from reactive measures to predictive defence models.
