The Nigeria Data Protection Commission (NDPC) has revealed that its online service portal was hit by over 2,000 hacking attempts within a single week, raising fresh concerns about the rising wave of cyber threats targeting public institutions as Nigeria deepens its digital transformation drive.
The Commission’s National Commissioner and Chief Executive Officer, Dr. Vincent Olatunji, made this known on Monday in Abuja during a technical and organisational drill on data protection measures organised for IT administrators across Ministries, Departments and Agencies (MDAs).
He explained that the scale of the attacks shows how vulnerable government systems can be if cybersecurity is not continuously strengthened, especially as more services move online.
“Within one week, we experienced more than 2,000 attempts on our service portal. More than 2,000 within one week, you can imagine what that means,” he said.
Olatunji noted that cyberattacks vary in intent, ranging from attempts to disrupt operations and embarrass institutions to financial extortion and other malicious activities. He warned that government agencies are now increasingly attractive targets for hackers as digital service delivery expands.
According to him, although no major breach with severe national impact has been recorded yet, there is a need for proactive defence rather than reactive responses.
He stressed that Nigeria’s ongoing digitalisation agenda has made cybersecurity more critical than ever, pointing out that the push toward e-governance has significantly widened the attack surface for public institutions.
He also recalled that the country’s digital journey gained momentum after the introduction of the National Information Technology Policy in 2001, which laid the foundation for government-wide digital reforms.
Olatunji disclosed that plans are underway to fully digitalise 35 federal ministries within weeks, while more than 100 government agencies are already part of the broader integration process.
He added that several MDAs now offer online services that allow citizens to complete transactions without visiting physical offices, including the NDPC itself, where applications and payments can be processed electronically.
However, he cautioned that increased integration brings greater exposure to cyber risks, especially since many government platforms depend on technologies developed and managed by private sector providers.
“When you move to full integration, there is always the likelihood that bad actors will target your network,” he said.
To address these risks, he called for the training of more cybersecurity professionals within government systems, describing them as “cyber warriors” needed to defend critical digital infrastructure.
Olatunji further explained that data protection must be treated as a core requirement at all stages of digital development, not something to be considered only after full automation is achieved.
He reminded participants that MDAs are legally classified as data controllers because they handle personal information belonging to citizens and non-citizens alike, making compliance with the Nigeria Data Protection Act essential.
The NDPC boss also highlighted improvements in compliance levels across the public sector, noting that adherence to data privacy standards has grown from about 4 per cent in earlier years to over 20 per cent currently.
He added that more agencies are now allocating budgets for data protection activities, appointing data protection officers, and implementing technical safeguards.
Olatunji urged participants at the training to transfer the knowledge gained to their respective organisations and develop practical implementation plans to strengthen compliance.
He also revealed ongoing certification programmes and induction training for data protection officers, including support through the National Privacy Academy, where participants are given access to self-paced learning resources.
In her remarks, the Head of Research and Development at the NDPC, Dr. Tolulope Pius-Fadipe, said the training was part of the Commission’s broader strategy to build a stronger data protection ecosystem across government institutions.
She noted that the programme is designed to promote responsible data handling, enhance public trust, and ensure agencies can maintain operations even during cyber incidents.
Similarly, the Head of Information Technology and Cybersecurity at the Commission, Mr. Olorunisomo Isola, said the workshop was organised in response to rising cyberattacks on government systems.
He explained that participants were being equipped with practical skills in areas such as risk management, encryption, cloud security, incident response, and data protection assessments.
The training, he added, would end with actionable plans to improve cybersecurity governance and ensure compliance with national data protection laws across MDAs.