In Q1 2023, Nigeria ranked 32nd among the most breached countries in the world, recording the leak of 82,000 accounts. Compared to the last quarter of 2022, an analysis by Surfshark, an Amsterdam-based cybersecurity firm, shows a 64% increase.
Recall that earlier this year, the Nigeria Data Protection Bureau (NDPB) commenced an investigation into allegations of data breach by two Nigerian banks. "There are reports by the Nigeria Inter-Bank Settlement System (NIBSS) which indicated that within nine months of 2020, fraudsters attempted 46,126 attacks and they were successful with 41,979 occasions representing 91 per cent of the time," according to Vincent Olatunji, National Commissioner of NDPB. "This level of vulnerability to a data breach is unacceptable."
Aside from the two banks, the NDPB is currently investigating over 110 companies on data breach allegations. "When you factor in the lack of due diligence on the part of data controllers in engaging data processors or vendors that have access to the personal data of customers, you find in some cases abuse and violation of the Nigeria Data Protection Regulation (NDPR) and section 37 of the 1999 Constitution," says Olatunji.
Less attention is paid to the management of data collection and protection in Nigeria. In the now defunct Nigeria Data Protection Regulation 2019 (NDPR), companies were not obligated to report data breaches, experts argue that this omission is a critical missing piece: "Although organisations feel reporting incidents can damage their reputations, reporting incidents act as a deterrent for poor cyber practices," Oruaro Ogbo, a technology consultant, stated.
Nigerian president, Muhammadu Buhari in February 2022 approved the establishment of the Nigeria Data Protection Bureau (NDPB) to take charge of data protection enforcement instead of the National Information Technology Development Agency.
While regulators like NDPB might help to check this growing breaches, individuals and organisations also need to be educated on the role of cybersecurity this will deepen trust and the capacity of both entities.
How did Surfshark conduct the research?
Surfshark collated the data from 29,000 publicly available databases and aggregated by email address. To determine the location of the email address, the firm and its partners used associated parameters, such as domain names, IP addresses, locales, coordinates, currency or phone numbers, then a statistical analysis of their findings was carried out.
Countries with a population of less than 1 million people are not included in the analysis.
Globally, data breaches declined, dropping to one user account leaked every second in Q1’2023. "However, the fact that over 40 million accounts were breached in just a few months is still a cause for concern," Agneska Sablovskaja, Lead Researcher at Surfshark, said in a statement shared with Bendada.com. "Those whose data was compromised are at an increased risk of being targeted by cybercriminals as their personal information can be utilized for phishing attacks, fraud, identity theft, and other serious cybercrimes."
About 41.6 million accounts were breached last quarter across the globe, the report says, Russia has the highest breaches, followed by the United States, Taiwan, France and Spain.