Nigeria came under extraordinary cyber pressure in Q3 2025, with threat activity reaching levels never before recorded.
According to the newly released esentry Eagle’s Eyes Q3 2025 Cybersecurity Report, data breaches involving Nigerian organisations skyrocketed by an astonishing 1,047% compared to the previous quarter.
The report reveals that Nigeria endured an average of 6,101 cyberattacks per week in July, a relentless pace that stretched through the entire quarter.
Analysts describe this surge as a critical inflection point, both in the volume and sophistication of threats, particularly those directed at high-value institutions, most notably within the fast-growing fintech ecosystem.
The report’s analysis indicated a decisive shift in how attackers gained access to corporate environments. Instead of exploiting technical vulnerabilities, adversaries increasingly entered systems using valid credentials, often harvested from previous data leaks or left active long after employees had departed.
Digital forensics conducted by esentry uncovered numerous cases in which dormant service accounts, stale identity tokens, and overlooked access rights enabled intruders to stealthily gain network access, establish persistence, and prepare for large-scale data extraction without raising immediate suspicion.
This transformation in attack patterns marked a clear departure from the opportunistic hacking that characterised earlier years. Attackers treated identity as the new point of entry, studying trust relationships and exploiting internal access pathways that organisations had not fully secured.
Nigerian and African institutions found themselves confronting adversaries who acted with greater patience and precision, blending into legitimate user activity in ways that made early detection far more difficult.
Commenting on the report, Gbolabo Awelewa, Chief Business Officer (CBO) of esentry, said, “As the threat landscape evolves, Nigeria is no longer dealing with opportunistic cybercrime, but confronting organised, identity-driven campaigns that move with intent, patience, and precision.
“Despite the surge in threats, this moment is also a turning point. With the proper controls, stronger identity oversight, and early-warning intelligence, Nigerian organisations can stay ahead of these attacks.
“Our role at esentry is to ensure that the future of cybersecurity in Nigeria is not defined by fear, but by preparedness and resilience.”
The report also noted that this surge in identity-centric intrusions mirrored global developments, though Nigeria experienced the shift with unusual intensity due to rapid digitisation and inconsistent identity governance.
As core infrastructure hardened, attackers refocused on identity structures as the least protected surface, exploiting gaps in monitoring and off-boarding processes and maintaining long-term access to corporate environments through subtle, low-noise techniques.
Looking ahead, the esentry report projected that identity-based threats would define the coming year for Nigerian organisations.
With adversaries refining this method of intrusion at scale, the esentry team urged institutions to reassess their security frameworks, prioritise continuous identity oversight, and adopt models capable of detecting credential misuse before it escalates into significant disruption.
The report concluded that Nigeria’s overall cyber resilience would depend on how quickly organisations recognised identity as the new perimeter and aligned their defences accordingly.
With a deep understanding of all facets of cybersecurity, esentry provides an end-to-end portfolio of services and products to businesses of all sizes worldwide.
It delivers customised cybersecurity services based on the unique needs of each customer segment.