Nigerian organisations are now facing the highest volume of weekly cyberattacks on the continent, according to the newly released African Perspectives on Cyber Security Report 2025 by Check Point Software Technologies Ltd., a global cybersecurity leader.

The report shows that companies in Nigeria experience an average of 4,200 cyberattacks per week, far exceeding the African average of 3,153 and standing 60 per cent above the global average of 1,963 attacks per organisation. The surge, analysts say, is being fuelled by increasingly sophisticated threats powered by artificial intelligence.

Country Manager for West Africa at Check Point, Kingsley Oseghale, said cybercriminals are rapidly adopting AI to automate and scale attacks, making traditional defensive methods insufficient.

“AI has become part of the attack surface,” Oseghale said. “Attackers are using it to automate phishing and identity theft at scale. The only effective response is prevention-first security that combines visibility, governance, and AI protection.”

According to the report, cybercriminals are targeting vulnerabilities created by exposed identities, misconfigured systems, and weak cloud security. Critical sectors such as finance, energy, telecommunications, and government institutions remain top targets. The most common attack patterns include identity-led intrusions, AI-enabled phishing, and multi-layered ransomware campaigns.

Across the continent, Check Point identified country-specific trends:

• Nigeria is grappling with business email compromise and cloud exploitation.
• South Africa is battling a rise in ransomware, smishing, and botnet infections such as Vo1d and XorDDoS.
• Kenya has recorded ransomware attacks on critical energy infrastructure.
• Morocco has experienced coordinated disruptions in government and education systems through DDoS attacks and website defacements.

The report outlines five major shifts defining Africa’s cyber-risk landscape for 2025: the evolution of ransomware into data-leak extortion, widespread AI-generated deception, the rise of identity as the new security perimeter, and growing regulatory pressure from frameworks such as the EU’s NIS2 Directive. Weak cybersecurity, it warns, now poses not only operational risks but also potential barriers to international market access.

The study calls for African governments and businesses to adopt prevention-first security models, strengthen regulatory preparedness, and expand collaboration between public and private sectors.

Oseghale noted that as AI continues to transform business operations, cybersecurity must move ahead of attackers rather than respond after the damage is done.

“The real challenge is not adopting new technology but securing the trust that underpins it,” he said.