Nigeria’s business environment is increasingly at risk from rising cyberattacks and weak data protection practices, the Chief Executive Officer of Glemad, David Idris, has warned.

Speaking in an interview, Idris said small and medium-sized enterprises (SMEs) are the most vulnerable, as many still treat cybersecurity as an afterthought rather than a core business priority. According to him, outdated systems, poor access controls, and lack of structured response mechanisms expose firms to ransomware, insider threats, and phishing attacks.

“Too many Nigerian businesses only discover their vulnerabilities after suffering an attack. What is needed is a shift towards proactive security, continuous monitoring, and well-structured incident response protocols,” Idris said.

He stressed that while the Nigeria Data Protection Act (NDPA) of 2023 was a step in the right direction, enforcement remains weak, leaving many companies confused or struggling to comply. “It’s not the law itself but the lack of active enforcement. Most firms do just enough to avoid penalties rather than embrace security as a culture,” he noted.

Idris argued that compliance should not be seen as a burden but as an opportunity to build trust with customers. He added that Glemad has integrated “privacy-first” principles into its AI-driven solutions, ensuring that both regulatory requirements and user trust are built into its technology from the outset.

Citing a case study from 2024, he said Glemad’s SmartCombat AI platform successfully protected a Cameroonian financial institution from a major cyberattack by predicting risks and automating response measures in real time.

On public awareness, Idris said most Nigerians remain unaware of their data privacy rights, partly because companies fail to communicate policies in simple, clear terms. He called for nationwide digital literacy programmes and urged businesses to simplify their data-use agreements to foster transparency.

He also flagged concerns around gaps in Nigeria’s data protection framework, especially on cross-border data transfers. According to him, the country needs a pragmatic policy that balances sovereignty with the realities of global digital trade. “Critical industries should prioritise data localisation, but flexible frameworks are also needed for international operations,” he said.

Looking ahead, Idris predicted that AI adoption will expand rapidly in Nigeria over the next five years, bringing new challenges around ethics, biometric data use, misinformation, and algorithmic bias. He urged regulators, businesses, and civil society to collaborate on adaptive governance models to ensure both security and accountability.

“The future is not just about responding to today’s risks but preparing for tomorrow’s,” he said. “If Nigeria wants to lead in digital innovation, stronger enforcement, public education, and scalable security infrastructure will be critical.”