Deloitte Warns of Rising Ransomware and Phishing Threats in Nigeria for 2026
The report warns that cybercriminals are becoming increasingly sophisticated, using advanced tools to exploit vulnerabilities across businesses and public institutions.
In its “Nigeria Cybersecurity Outlook 2026” report, Deloitte highlights a growing risk of ransomware and phishing attacks as Nigeria’s digital economy expands and more services move online. The report warns that cybercriminals are becoming increasingly sophisticated, using advanced tools to exploit vulnerabilities across businesses and public institutions.
Nigeria currently ranks third in Africa for phishing incidents, with nearly 3,500 cases recorded in 2024. Cyber attackers are now leveraging artificial intelligence to create highly convincing phishing campaigns, impersonating banks, regulators, or colleagues in ways that can bypass traditional security filters. The accessibility of hacking tools has broadened the attack surface, with SMEs, hospitals, and public administrations increasingly targeted due to their often limited cybersecurity resources. Ransomware typically follows phishing breaches, allowing attackers to lock systems, steal sensitive data, and demand payments under the threat of public disclosure.
The economic impact of cybercrime has been significant, with Nigeria losing more than $3 billion between 2019 and 2025, and annual losses estimated at around $500 million. The rapid migration of payments, data, and critical services online is expected to drive further increases in cyber threats in 2026.
Deloitte emphasizes that organizations do not necessarily need expensive or complex solutions to build resilience. Recommended measures include human-AI collaboration for better threat detection, adopting a Zero Trust security architecture to verify every access request based on identity and intent, and implementing basic cybersecurity hygiene, such as staff training, stronger account protection, and clear recovery plans.
The report underscores the urgent need for Nigerian businesses and public institutions to proactively strengthen their cybersecurity posture, ensuring protection against increasingly sophisticated and financially damaging digital threats.
