Nigerian technology entrepreneur and digital media publisher Asaaju Peter has spoken out on one of the most overlooked threats facing the country’s growing technology sector. He described the widespread absence of basic cybersecurity frameworks across Nigerian companies as a serious problem that has left sensitive customer and business data exposed to criminal hackers with increasing regularity.
Asaaju Peter said that too many Nigerian technology companies are building products, acquiring customers, and processing sensitive data without putting in place the security architecture that responsible data management requires. He expressed concern that the consequences of this negligence are falling not on the companies themselves but on ordinary Nigerian customers whose personal and financial information ends up in the wrong hands.
He said: “The Nigerian tech industry is growing fast and that is genuinely exciting. But growth without security is reckless. Companies are collecting names, phone numbers, bank details, and personal records from millions of Nigerians and storing that data without adequate protection. When those systems are breached, it is the customers who suffer.”
The Scale of the Problem in Nigeria
Nigeria’s digital economy has expanded significantly over the past decade. Fintech platforms, e-commerce companies, healthtech startups, and digital media organisations collectively hold the personal data of tens of millions of Nigerian citizens. The Nigeria Data Protection Act of 2023 established a legal framework for data governance and the National Information Technology Development Agency has issued guidelines for cybersecurity compliance. However, enforcement remains inconsistent and many smaller and medium-sized technology companies operate without dedicated security personnel, formal data protection policies, or regular security audits.
The consequences of this gap have been visible. Several Nigerian companies across different sectors have experienced data breaches in recent years in which customer information was accessed without authorisation. In some cases the breaches were reported publicly. In many others they were not, leaving affected customers unaware that their data had been compromised.
What Asaaju Peter Says Companies Must Do
Asaaju Peter outlined several practical steps he believes Nigerian technology companies must take immediately to address the cybersecurity gap. He said every company that collects customer data should conduct a basic security audit to understand where their vulnerabilities are. He said companies must invest in staff training because human error including weak passwords, phishing susceptibility, and poor data handling habits remains the leading cause of successful cyberattacks globally.
He also called on companies to take data encryption seriously, to limit internal access to sensitive data on a need-to-know basis, and to have a clear tested incident response plan ready for the moment a breach occurs rather than trying to manage the crisis without preparation.
He added: “Cybersecurity is not a luxury that only big companies can afford. There are affordable tools and frameworks available. What is missing in most cases is not money. It is awareness and the will to prioritise security before a breach happens rather than after.”
The Regulatory Picture
The Nigeria Data Protection Commission, established under the Nigeria Data Protection Act 2023, has the mandate to enforce data protection standards across organisations operating in Nigeria. Companies that fail to protect customer data adequately face regulatory sanctions under the act. However, many industry observers note that the commission is still building its enforcement capacity and that a significant number of companies remain non-compliant without facing immediate consequences.
Asaaju Peter called on the commission to increase the visibility and frequency of its compliance activities, particularly for companies in the fintech and e-commerce sectors where the volume and sensitivity of customer data creates the greatest risk when security is inadequate.
A Call to Nigerian Tech Founders
Asaaju Peter directed his strongest message at the founders and chief executives of Nigerian technology companies, calling on them to treat cybersecurity as a core business responsibility rather than a technical afterthought. He said that a company which suffers a preventable data breach has not just failed its customers technically but has broken the trust that is the foundation of every business relationship.
He concluded: “Nigerian tech is capable of competing globally. But global competition comes with global standards. Companies that take data security seriously will build stronger customer loyalty, attract better investment, and avoid the kind of reputational damage that a data breach causes. Those that do not take it seriously are gambling with other people’s information. That is not acceptable.”
Top comments (0)