Organizations across all industries are becoming more reliant on digital technology to get the job done. In this era of digital transformation, technologies such as the Internet of Things (IoT), social media, machine learning (ML) big data analytics, artificial intelligence (AI), and augmented reality exist to help organizations realize their strategic business objectives.

Although digital transformation and the adoption of new technologies create a variety of illustrious new business opportunities, it also inherently introduces new forms of risk and challenges. This appears to be a lucrative market for cyber criminals to commit various crimes both on individuals and businesses

According to a report by Surfshark, a cybersecurity company, Nigeria recorded 82,000 data breaches in the first quarter of 2023 (January to March). Some other forms of attack ranged from concerted attacks by individuals who hack for personal gain or malice to poorly configured system security or careless disposal of used computer equipment or data storage media.1

 These challenges coupled with the risks, necessitated the enactment of some legislation in Nigeria for the protection of both individuals and businesses. In this piece, an overview of the laws regulating cybersecurity and data protection shall be given while proffering solutions to safeguard and mitigate risks in the face of data breaches or cyber-attacks.


1. Data privacy breach: A cybersecurity firm, Surfshark, has revealed that the incidence of data breaches in Nigeria increased by 64 percent in 2023. The consequence for those whose data was compromised is that they are at an increased risk of being targeted by cybercriminals and their personal information can be utilized for phishing attacks, fraud, identity theft, and other serious cybercrimes.

2. Cyber Crimes: Digitalization has also led to an increase in crimes perpetrated on the internet. These crimes often referred to as cybercrimes are one of the unfortunate frailties that attend digitalization. Some examples of these cyber crimes include cyber terrorism, identity theft, impersonation, phishing, spamming, cybersquatting, cyberstalking, etc.


1. The Cybercrime (Prohibition and Prevention) Act, 2015: The Act provides an effective, unified, and comprehensive legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria. The Act penalizes cybercrimes and offenses such as cyber terrorism, identity theft, impersonation, phishing, spamming, cybersquatting, cyber stalking, etc

2. The Nigerian Data Protection Act, 2023: The Act imposes some obligations on data controllers and organizations when handling data. Some of the compliance obligations imposed on data controllers under the Act include filing of annual data protection audit, appointment of data protection officers, training of staff on data protection compliance, engaging the services of a Data Protection Compliance Organization, etc


A business can safeguard against cyber threats and data breaches by ensuring:

  1. Employee training and awareness: Regularly conducting training and awareness on safe data protection techniques, handling of cyber threats and best practices will help the organization safeguard against cyber threats and data breaches.
  • Use of firewalls and security software: The use of strong firewalls and updated security software will assist an organization in avoiding cyber threats and data breaches.
  • Use of data encryption: Encryption of sensitive information both when it's stored and transmitted helps safeguard the information as well as render it indecipherable to unauthorized users.
  • Regular data backup: Carrying out regular backup of data and systems can be employed by an organization to help reduce data loss in the event of a breach.
  • Compliance with data privacy laws: One of the ways businesses can protect themselves is by ensuring adequate compliance with the data protection regime in Nigeria. This can be achieved by:
  1. Ensuring there is existence of a privacy policy that is updated and meets the standards required under the NDPA
  2. Ensuring annual filing of its data privacy audit
  3. Implementing technical and organizational measures to safeguard the protection of personal data
  4. Appointing a data protection officer who regularly advises and provides guidance on its compliance obligations
  5. Having a data protection impact assessment that explains its processing activities, possible risks to users, and the modalities in place to mitigate those risks when they occur
  6. Engaging the services of a Data Protection Compliance Organization (DPCO)
  7. Ensure personal data is processed in line with the principles under the NDPA
  8. Ensuring the provision of data privacy training for members of staff
  9. Ensuring prompt reportage of data breaches to the NDPC2, etc.

By doing these, a business enjoys some benefits such as customer trust, avoidance of fines by the regulator, and an increase in clientele.


It is important for companies to continuously ensure that measures are put in place to safeguard their business by taking advantage of the necessary data protection and cyber security laws. Just as importantly, doing this protects the data rights of their customers, builds trust with them, and helps the company maintain a strong reputation of data compliance within its industry.


1. Omoleye Omoruyi, “ Nigeria sees 64% increase in data breaches, recording an outstanding 82,000 episodes in Q1 2023”, , accessed on September 18, 2023.

2. This must be done within 72 hours of becoming aware of such a breach

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.