Nigeria encountered a sweeping escalation in cyber threats in Q3 2025, as data breaches affecting Nigerian entities rose by an extraordinary 1,047% compared to the previous quarter.
Findings from the newly released esentry Eagle’s Eyes Q3 2025 cybersecurity report showed that the country logged an average of 6,101 attacks per week in July, a pace that continued through the quarter and marked a turning point in the volume and sophistication of attacks targeting high-value institutions, especially in the fintech sector.
The report’s analysis indicated a decisive shift in how attackers gained access to corporate environments. Instead of exploiting technical vulnerabilities, adversaries increasingly entered systems using valid credentials, often harvested from previous data leaks or left active long after employees had departed.
Digital forensics conducted by esentry uncovered numerous cases in which dormant service accounts, stale identity tokens, and overlooked access rights enabled intruders to stealthily gain network access, establish persistence, and prepare for large-scale data extraction without raising immediate suspicion.
This transformation in attack patterns marked a clear departure from the opportunistic hacking that characterised earlier years. Attackers treated identity as the new point of entry, studying trust relationships and exploiting internal access pathways that organisations had not fully secured.
Nigerian and African institutions found themselves confronting adversaries who acted with greater patience and precision, blending into legitimate user activity in ways that made early detection far more difficult.
Commenting on the report, Gbolabo Awelewa, chief business officer (CBO) of esentry, said,
“As the threat landscape evolves, Nigeria is no longer dealing with opportunistic cybercrime, but confronting organised, identity-driven campaigns that move with intent, patience, and precision. Despite the surge in threats, this moment is also a turning point. With the proper controls, stronger identity oversight, and early-warning intelligence, Nigerian organisations can stay ahead of these attacks. Our role at esentry is to ensure that the future of cybersecurity in Nigeria is not defined by fear, but by preparedness and resilience.”
The report also noted that this surge in identity-centric intrusions mirrored global developments, though Nigeria experienced the shift with unusual intensity due to rapid digitisation and inconsistent identity governance.
As core infrastructure hardened, attackers refocused on identity structures as the least protected surface, exploiting gaps in monitoring and off-boarding processes and maintaining long-term access to corporate environments through subtle, low-noise techniques.
Looking ahead, the esentry report projected that identity-based threats would define the coming year for Nigerian organisations.
With adversaries refining this method of intrusion at scale, the esentry team urged institutions to reassess their security frameworks, prioritise continuous identity oversight, and adopt models capable of detecting credential misuse before it escalates into significant disruption.
The report concluded that Nigeria’s overall cyber resilience would depend on how quickly organisations recognised identity as the new perimeter and aligned their defences accordingly.
More about esentry
esentry delivers customised cybersecurity services based on the unique needs of each customer segment. With a deep understanding of all facets of cybersecurity, esentry provides an end-to-end portfolio of services and products to businesses of all sizes worldwide.
