Businesses in Nigeria are facing growing pressure to rethink how they invest in cybersecurity as the country’s digital economy expands and cyber threats grow more advanced. Benjamin Okolie, a technology expert and consultant in Africa at Kaspersky, has emphasized the need for local organisations to make smarter, not necessarily larger, cybersecurity investments. His advice comes in the wake of the latest Kaspersky IT Security Economics Report 2024, which reveals that globally, large enterprises use an average of 15 security solutions, managed by 23 IT specialists. This level of sophistication, while ideal, is often out of reach for many Nigerian companies that are working with limited budgets and competing business priorities.
For these organisations, especially small and medium-sized enterprises in fintech, e-commerce, and financial services, the challenge is finding where to focus the resources they do have. According to Okolie, many SMEs continue to take a reactive approach, typically boosting cybersecurity spending only after experiencing an attack. This delay not only puts their operations at risk but also increases the cost of recovery. He advises a shift towards preventive action—investing in early threat detection systems, continuous employee education, and securing vital digital infrastructure before an incident occurs.
Large corporations face a different kind of challenge. With massive IT ecosystems and huge volumes of sensitive data, they must handle scale and complexity. Their resource allocation should prioritise broad visibility over their digital assets, automated detection of threats, and the ability to respond quickly. Okolie pointed to advanced tools like Kaspersky’s Extended Detection and Response (XDR) and Managed Detection and Response (MDR) services as vital options. These platforms offer speed and scale in identifying and countering threats, which are increasingly crucial as attack techniques evolve.
Yet, regardless of company size, one factor remains unchanged: human error is still one of the leading causes of cybersecurity breaches. Mistakes such as clicking on phishing links, reusing passwords, or accidentally sharing confidential data continue to undermine even the most advanced security systems. Regular employee training and awareness programs are highlighted as cost-effective solutions that can significantly reduce this risk. Additionally, IT teams must stay ahead of industry-specific threats and adapt based on regional and global intelligence. Resources like Securelist.com and the Kaspersky Threat Intelligence portal offer useful insights that can guide these efforts.
Compliance with laws and regulations is another area where businesses must commit resources. With the Nigeria Data Protection Act (NDPA) being more rigorously enforced, companies need to ensure their cybersecurity plans include compliance controls such as data encryption, user access limits, and transparent audit trails. Okolie stressed that this is not just about avoiding fines. Organisations that demonstrate accountability in handling data are better positioned to earn customer trust and maintain credibility.
To make the most of their budgets, Nigerian businesses are encouraged to conduct regular risk assessments and cybersecurity audits. These assessments identify weak spots and help companies focus their spending where it will be most effective. This strategic focus becomes even more important in an environment where threats are constantly changing.
The report concludes that cybersecurity investments should be closely aligned with business priorities, and always aimed at the most critical vulnerabilities. With the threat landscape evolving so rapidly, organisations must also ensure their cybersecurity infrastructure can scale and adapt alongside their growth. Smarter spending, guided by data and risk analysis, will give businesses the resilience they need to survive and thrive in Nigeria’s increasingly digital economy.
