A recent IMF study estimated global annual losses from cyber-attacks to be close to 9% of banks’ net income, or around US$100 billion. This is in the best case scenario. In the worst case scenario, this figure is 2.5 or 3.5 times higher.
According to the 2017 Nigeria Cyber Security Report, the country loses about N127 billion yearly to cybercrimes. Another group estimates the figure at N198billion. Yet few Nigerians consider cybercrime a direct threat, owing largely to the high level of cybersecurity illiteracy even among literate Nigerians. In the formal sector, the underestimation of cyber threat is no less stark, although some sectors, particularly the financial and telecoms sectors, put in place advanced systems to mitigate cyber threats.
While firms in certain industries are more susceptible to cyber threats, cyber risk is generally not a function of size or industry—the use of digital technology renders many firms across many sectors susceptible. That said, given the potential rewards for success, financial institutions tend to be major targets for cybercrime, whose systems have diverse attack entry points, from end users (customers) to well-planned social engineering attacks.
In Nigeria, cybercrime will constitute an escalating threat as youth unemployment soars, internet penetration improves, digital adoption becomes more widespread and more foreign countries adopt a hardline approach towards mitigating cybercrime emanating from Nigeria.
To appropriately combat this escalating threat, cybersecurity cannot be a conversation limited to IT professionals; the conversation needs to be elevated to the board room because of its potential impact on business integrity. Awareness of cybersecurity, currently poor, needs to improve in both public and private sectors. The design and implementation of strategies to mitigate against identified cyber risk is vital as well.
With everything we’ve learnt about the cyber threat to nation states (attacks on election, water, health, power, identity management and other critical systems) over the past few years, cybersecurity is a national security issue. It is imperative that the creation of a national cybersecurity policy be pursued. This policy must put in place systems to improve awareness of cyber threats, as well as to continuously detect, prevent and respond to cyber-related security issues.