How Government Agencies Are Fighting Back Against Cyberattacks
The digital systems that run public services, tax registries, national identity databases, emergency networks, and immigration records are under sustained attack.
In the first quarter of 2025 alone, government organisations recorded the highest average ransom demands of any sector globally, reaching $6.7 million per incident, with over 17 million records breached during ransomware attacks in that period. These are not abstract statistics. Behind each number is a collapsed service, an exposed citizen, or a government forced to pay criminals to restore its own infrastructure.
The question facing public agencies from Washington to Abuja is no longer whether an attack will come. It is whether they are structurally prepared to absorb it.
The Threat Landscape Is Not Uniform
Government agencies today face persistent threats from nation-state actors and criminal organisations alike, both targeting critical infrastructure and the sensitive citizen data that public institutions are obligated to protect.
Ransomware remains the bluntest instrument. In the first half of 2025, the government sector recorded a 65% surge in ransomware attacks compared with the same period a year earlier. But the methods have diversified considerably. Phishing campaigns target civil servants with professionally crafted emails. Supply chain compromises, where attackers gain entry through a third-party vendor, have emerged as a particularly difficult vulnerability to close. The US Treasury Department breach in early 2025 illustrated how dependence on external technology vendors can expose the most sensitive government networks, and reinforced the case for proactive, multi-layered defensive postures.
Insider threats add a separate dimension. Whether through malice or negligence, staff with legitimate system access remain one of the hardest security problems to manage. Effective detection depends on behavioural analytics capable of spotting unusual access patterns, while prevention requires strict access controls, regular clearance reviews, and network segmentation to contain potential damage.
What Prevention Actually Requires
The instinct in many government IT departments, particularly across emerging markets, is to treat cybersecurity as a procurement exercise: acquire the right tools, and the threat is contained. That logic consistently fails.
Agencies that have fared better combine technology with process discipline. Zero Trust architecture, which operates on the principle that no user or device is inherently trustworthy regardless of where they sit on a network, has gained serious traction at the federal level. CISA, alongside the FBI, Department of Energy, and Department of State, published joint guidance in 2025 on applying Zero Trust principles to operational technology systems, noting that Zero Trust strategies can prevent adversaries from compromising, manipulating, and disrupting the critical physical processes these systems control.
Vulnerability management has also matured. In fiscal year 2025, CISA added 238 high-risk vulnerabilities to its Known Exploited Vulnerabilities catalogue, enabling agencies to identify and patch threats more rapidly. Over that same period, CISA assessed more than 43,000 vulnerabilities using its Stakeholder-Specific Vulnerability Categorisation system.
Public bug bounty programmes, where independent security researchers are paid to find weaknesses before attackers do, have also proven their value. Federal agencies participating in CISA’s Vulnerability Disclosure Policy Platform received over 12,800 reports from researchers in FY 2025, remediating 90% of valid submissions.
CISA’s Cybersecurity Performance Goals 2.0, released in December 2025, introduced new guidance specifically addressing risks from third-party providers with deep system access and the application of Zero Trust principles to limit lateral movement once an attacker is inside a network.
Africa’s Particular Exposure
The challenge is harder on this continent, for reasons that go beyond budget constraints. Nigeria, South Africa, and Algeria ranked as the top targets for cyberattacks in 2024, with attacks primarily carried out by organised hacker groups pursuing financial gain and espionage, as well as hacktivists with political motives. Nigeria’s exposure is acute given its scale: the largest digital economy on the continent, a rapidly expanding fintech sector, and a government increasingly moving services online without always hardening what sits behind them.
Between 2017 and 2023, Nigeria lost an estimated $805 million to cybercrime across the banking, telecommunications, and government sectors, according to a 2025 assessment by the UN Office on Drugs and Crime.
The incidents have continued well into the present. In December 2024, Nigeria’s National Bureau of Statistics confirmed its website had been hacked, urging the public to disregard any content posted to its platform until the site was restored. More recently, the threat actor ByteToBreach launched a ransomware attack on the Corporate Affairs Commission, allegedly exfiltrating approximately 25 million documents totalling around 750 GB of data.
By Q3 2025, data breaches affecting Nigerian entities had risen by 1,047% compared with the previous quarter, with the country averaging 6,101 cyberattacks per week in July alone, according to a report by eSentry.
Nigeria’s Regulatory Response
The legislative framework is catching up, though unevenly. Nigeria’s amended Cybercrimes Act has introduced provisions to establish sectoral Computer Emergency Response Teams and Security Operations Centres, a National Computer Forensic Laboratory, and frameworks for public-private partnerships and international cybersecurity cooperation.
In April 2025, regulators tightened enforcement further by requiring organisations to log incidents through a central portal, documenting what happened, the data involved, and the mitigation steps taken. NITDA’s forthcoming framework goes further still, introducing mandatory breach-reporting timelines and mechanisms for sharing threat intelligence between public and private sector entities.
The gap between legislation and operational execution, however, remains real. NITDA’s director general acknowledged that many organisations continue to underreport incidents out of reputational concern, a posture that regulators argue only makes the broader system more vulnerable, since a compromised institution can become a launch pad for attacks on connected agencies and banks.
Building Systems That Hold Under Pressure
For security leaders in government, the shift that matters most is moving from a prevention-only mindset to one oriented around resilience: the capacity to respond, recover, and adapt when a breach occurs, not just to stop it from happening.
That shift requires tested incident response plans, clear communication protocols, cross-agency intelligence sharing, and a workforce that understands its role before an attack begins. Regular drills and cross-functional collaboration have consistently proven their value in minimising disruption when breaches do occur.
For Nigeria and comparable African economies, the work ahead is less about procurement and more about institutional discipline. The frameworks exist. Enforcement, sustained investment, and the unglamorous task of building systems that hold under real pressure — that is where the outcome will be decided.

