The National Commissioner and Chief Executive Officer of the Nigeria Data Protection Commission, Dr Vincent Olatunji, has said that hackers launched more than 2,000 attacks on the commission’s service portal within one week, highlighting the growing cyber threats facing government institutions as Nigeria expands its digitalisation efforts.
Olatunji disclosed this on Monday in Abuja at a Technical and Organisational Drill on Data Protection Measures for IT Administrators Across Ministries, Departments and Agencies organised by the NDPC.
According to him, the attacks underlined the urgent need for government institutions to strengthen their cyber defences and build the human capacity required to protect sensitive information and digital infrastructure.
He said, “Within one week, we experienced more than 2,000 attempts on our service portal. More than 2,000 within one week. You can imagine what that means.”
The NDPC boss explained that cyberattacks could be motivated by different objectives, ranging from attempts to embarrass government institutions to financial extortion and other malicious activities.
Olatunji noted that government organisations had increasingly become targets of cybercriminals as more public services migrate online.
He said, “A lot of government organisations are being targeted recently. But I don’t think there’s anyone with any major impact on the economy or citizens’ data. But we don’t have to wait until they have a certain effect before we take action.”
The commissioner said the Federal Government’s ongoing digital transformation agenda was increasing the need for stronger cybersecurity safeguards across MDAs.
He recalled that Nigeria’s digitalisation journey gathered momentum after the issuance of the National Information Technology Policy in 2001, which paved the way for various digital initiatives and strategic roadmaps across government institutions.
According to him, the government is intensifying efforts to achieve full electronic governance and seamless interaction between citizens, businesses and public institutions.
“A major announcement was made last week that will get 35 ministries to be fully digitalised in Nigeria within the next few weeks. Efforts are already ongoing. Some are fully digitalised already, while others are being encouraged to come on board. Over 100 agencies of government are already being involved in this,” he said.
Olatunji explained that many government agencies had already deployed platforms that enable citizens to access services remotely without physically visiting government offices.
He cited the commission’s own digital services, saying applicants seeking licences from the NDPC could complete processes online, including application submission and payments.
The NDPC chief, however, warned that greater digital integration also increases exposure to cyber risks.
“The truth is that all these integrations are driven by a lot of technologies developed by private sector organisations. When you move to full integration or when you interact, there is every likelihood that bad actors will target your network,” he said.
To address the challenge, Olatunji called for the development of “cyber warriors” capable of defending government systems and protecting citizens’ data.
He explained that the training programme aligned with key pillars of the commission’s roadmap, including human capital development, technology ecosystem growth and inter-agency collaboration.
The NDPC boss identified different stages of e-governance maturity, ranging from agencies that only provide information on websites to those offering fully transactional, integrated services.
He stressed that data protection measures should not wait until institutions achieve full digital integration.
Olatunji reminded participants that government institutions are classified under the law as data controllers because they collect and process information belonging to Nigerians and non-Nigerians.
He urged MDAs to establish the technical and organisational safeguards required under the Nigeria Data Protection Act to secure their databases and digital platforms.
According to him, technology alone cannot guarantee security without skilled personnel to manage and protect systems.
The commissioner commended public servants, describing them as among the most capable professionals available to drive government policies and programmes.
Olatunji also disclosed that compliance with data privacy requirements across the public sector had improved significantly in recent years.
“When we started, the level of compliance with data privacy in the public sector in Nigeria was just four per cent. But now we are doing about 20 per cent and even over,” he said.
He added that many MDAs now make budgetary provisions for data privacy and protection activities, including the appointment of data protection officers and deployment of technical safeguards.
The NDPC chief urged participants to share the knowledge acquired during the training with colleagues in their respective organisations and to develop implementation plans to strengthen compliance.
He said the commission had embarked on various induction programmes, certification initiatives and training courses for data protection officers across MDAs.
According to him, some participants in the commission’s six-week certification programme were already sitting for examinations, while additional support was being provided through the National Privacy Academy.
Olatunji disclosed that participants at the training would receive free vouchers to access the academy’s self-paced learning platform on data privacy and protection.
He also revealed plans to extend training to permanent secretaries and other senior government officials to deepen understanding of data protection obligations across the public sector.
The commissioner encouraged participants to embrace emerging opportunities in the data protection sector, noting that certified data protection officers and licensed Data Protection Compliance Organisations could continue to provide compliance services even after retiring from public service.
In her opening remarks, the Head of Research and Development at the NDPC, Dr Tolulope Pius-Fadipe, said the training formed part of the commission’s strategic roadmap for human capital development and efforts to build a strong data privacy architecture across ministries, departments and agencies.
She said the programme was designed to promote responsible data management, strengthen public trust and protect the rights of data subjects, adding that it would help agencies test and improve their ability to protect sensitive public data and maintain critical services during crises.
Pius-Fadipe urged participants to actively engage in the sessions and implement lessons learned in their respective organisations, noting that public institutions were increasingly facing cyber threats.
Also speaking, the Head of Information Technology and Cybersecurity at the NDPC, Mr Olorunisomo Isola, said the workshop was organised in response to rising cyber incidents targeting public infrastructure as government institutions deepen digitalisation efforts.
He said the training would equip IT administrators with the practical skills needed to implement the technical and organisational measures required under Section 39 of the Nigeria Data Protection Act and to prevent data loss or manipulation across government systems.
According to him, participants would undergo practical sessions on governance, risk and compliance, data protection impact assessments, encryption, data classification, data loss prevention, database security, cloud security and cyber incident response.
He added that the programme would culminate in the development of actionable implementation plans to strengthen data protection governance, improve security posture, reduce cyber risks, and ensure compliance with the NDPA across government institutions.
Earlier, The PUNCH reported that the NDPC boss said the cyber attack attempts forced a temporary shutdown of the commission’s network and highlighted critical gaps in Nigeria’s data protection ecosystem.
