Nigeria’s next election could be hacked and we are not ready 

In October 2024, South Africa’s Electoral Commission revealed a near-disaster: hackers, allegedly linked to a foreign state, attempted to breach its voter database during municipal elections. The attack was thwarted, but it exposed a thrilling truth—Africa’s digital elections are now a global battlefield. Nigeria, with its 2027 general elections looming, is next in line. Are we ready? The answer is no.

Like our fellow African giant cousin, Nigeria faced a similar challenge during the last elections. Turning out in mass numbers to participate in one of the most technologically ambitious elections in the nation’s history, the February 2023 elections were set to be the one where we finally got it right. The Biometric Voter Accreditation System (BVAS) devices were deployed. The INEC Results Viewing Portal (IReV) was meant to transmit results in real-time. Confidence was high. But then, unlike our southern giant cousin, we got it wrong!

As results started trickling in, the IReV platform stalled. Hours passed. Then days. INEC cited technical glitches. But for many Nigerians, and for those of us working in cybersecurity, this explanation was not enough. In a world where foreign actors routinely exploit digital infrastructure to influence political outcomes, the real question isn’t whether there was a glitch. It’s whether we were under attack.

The 2023 incident should have been a national wake-up call. Yet as we look ahead to the 2027 general elections, there is little evidence that Nigeria has done the work needed to prevent a repeat—or something worse.

Cyber threats have evolved, but our defenses haven’t

Nigeria’s cybersecurity narrative has long focused on local scams—email fraud, ATM cloning, “Yahoo Yahoo” schemes. But the threat landscape has shifted. Today, we face sophisticated, often state-sponsored attacks: cyber espionage, data manipulation, and digital interference designed to destabilize democracy.

These attacks are not loud or flashy. They don’t crash systems immediately or steal millions overnight. Instead, they quietly infiltrate, observe, and extract, with the more subtle aim to shape outcomes by delaying digital processes, stealing voters’ data, or spreading disinformation.

Countries like China (APT10), Russia (APT28), and Iran (OilRig) have been linked to coordinated cyber espionage efforts across the Global South, and Nigeria, with its geopolitical weight, oil wealth, and increasingly digitized government systems is most likely a prime target.

To our credit, Nigeria has taken some steps to respond. The Cybercrime (Prohibit, Prevention, Etc) Act of 2015 with Amendment Act 2024, created a legal framework for prosecuting cyber offenses. The Office of the National Security Adviser (ONSA) released a National Cybersecurity Policy and Strategy (NCPS) in 2021, which identifies Critical National Information Infrastructure (CNII) and outlines coordination among key agencies. Institutions like ngCERT and NITDA were also tasked with monitoring and responding to cyber incidents across public and private sectors.

But these efforts, while commendable, remain deeply insufficient in the face of today’s realities. The full operation of the The National Cybersecurity Coordination Center is still needed to aggregate and act on cyber threat intelligence in real time and coordinate the country’s cyber affairs. INEC, which oversees one of the most sensitive digital processes in the country—elections—has no publicly documented protocol for working with ONSA or ngCERT on threat prediction, only post-incident mitigation. The result is a defensive posture that is reactive and fragmented, at a time when our adversaries are precise, patient, and increasingly invisible.

This isn’t just a tech gap. I’m sure you know what it is!

2027 is around the corner and we are not prepared

If the 2023 glitches were a test, we failed it, and we’ve done little since to improve our score.

Foreign and non-state actors have refined their tactics. Nigeria’s digital election infrastructure is now a geopolitical asset, vulnerable to subtle threats like slowdowns, upload failures, or disinformation spikes. These aren’t full-scale hacks but are harder to trace and more effective at undermining trust, swaying narratives, and disrupting electoral integrity.

So what can Nigeria do to avoid a repeat of 2023—or worse?

The answer lies in anticipation.

To prevent a repeat of 2023, Nigeria must shift from reaction to anticipation. We need an AI-powered Early Warning System, a digital nerve center that monitors election infrastructure, flags suspicious activity, and predicts threats before they escalate. Unlike traditional tools, it tracks network patterns, detects anomalies, and spots coordinated attacks or probing behavior. This isn’t futuristic; India, the U.S., and Brazil already use AI-driven cybersecurity fusion centers to protect elections. Nigeria must do the same to safeguard democracy with intelligent, proactive defense systems.

What would Nigeria’s system look like?

A Nigerian cybersecurity early warning system doesn’t need to be complex, but it must reflect local realities. A centralized hub that integrates data from INEC, ngCERT, NCC, DSS, and telecoms, could flag suspicious activity in real time. For instance, during the 2023 elections, INEC’s IReV portal suffered unexplained downtime during critical uploads. An effective system could have detected unusual login patterns, DDoS attacks, or congestion early enough to prevent public mistrust. It could also have flagged cloned INEC sites spreading via WhatsApp.

This system must be trained on Nigerian data, not imported Western models that overlook our languages, digital behavior, and disinformation cues. It should detect region-specific trends, like sudden spikes in Igbo-language memes from the East or coordinated Yoruba from Lagos or Kano-targeted inciting chants, which may indicate influence operations. Governance must remain Nigerian, with strong legal safeguards.

Existing bodies like NITDA and ngCERT already have cybersecurity roles, and INEC is digitizing its systems. What’s missing is coordination, predictive analytics, and AI-powered infrastructure. A national directive – perhaps from the National Security Adviser via the NCCC – could initiate joint simulations, data-sharing, and a cyber fusion center by 2026. With collaboration from universities and local tech hubs in AI and forensics, this system could be built, tested, and ready to protect Nigeria’s digital democracy by the 2027 elections – and beyond.

The technology exists; the question is whether the political will does too.