In 2023, the Nigeria Data Protection Bureau (NDPB) launched investigations into over 110 companies for data breaches, targeting industries such as banking, telecommunications, and gaming. These investigations highlighted a concerning trend: while businesses have been focusing on physical security, they often neglect the crucial link between protecting their physical assets and securing their digital data. In a world increasingly driven by digital transformation, Nigerian CEOs must recognise that data protection is as critical to their business as any other form of security.
Consider a case where an employee’s negligence led to a significant breach of customer data. An employee failed to properly log out of a workstation, leaving confidential customer information exposed to unauthorised access. This wasn’t an elaborate cyberattack but a simple, preventable mistake. Such breaches not only damage a company’s reputation but can also lead to severe regulatory consequences. In this instance, the company faced investigations and a potential fine for failing to protect customer data adequately.
These types of incidents highlight how data protection is not just a matter of cybersecurity; it is also intrinsically tied to how businesses handle their physical environments. Nigerian businesses, like many across the globe, often invest heavily in physical security systems — biometric access, CCTV, and security guards — yet fail to consider that these same principles must apply to their digital infrastructure. Physical security measures play a critical role in protecting sensitive data. A locked server room or secure workstation access can prevent unauthorised access just as effectively as firewalls or encryption.
The case of Meta’s $220 million fine in Nigeria further illustrates the consequences of failing to protect data properly. The fine was imposed for unauthorised cross-border transfers of personal data, a violation of the Nigeria Data Protection Regulation (NDPR). This penalty sends a clear message that Nigerian regulators are taking data protection seriously. CEOs who fail to implement robust data security measures face not only financial penalties but also the erosion of customer trust.
Many Nigerian CEOs are now realising that digital security and physical security are two sides of the same coin. Historically, businesses focused on protecting physical assets — installing reinforced doors, hiring security personnel, and deploying access control systems. In today’s business environment, however, protecting data is just as important. A company’s digital assets, such as customer databases and intellectual property, are often more valuable than physical ones. The financial and reputational damage from a data breach can far exceed that of physical theft.
For example, in another case investigated by the NDPB, an employee maliciously accessed confidential data after being terminated, using a USB drive to steal sensitive company information. This highlights how insider threats — whether accidental or malicious — can be as dangerous as external cyberattacks. In many cases, these breaches occur due to inadequate physical security protocols, such as allowing former employees to retain access to company systems.
So, how can Nigerian CEOs address these growing challenges? One of the first steps is to ensure that access to both physical and digital assets is tightly controlled. Only authorised personnel should have access to sensitive information, and businesses should continuously monitor who accesses what. This includes limiting access to server rooms and using secure workstations that automatically log users out after a period of inactivity.
Employee training is also vital. Often, data breaches are the result of human error rather than malicious intent. By educating employees on the importance of data security — such as how to recognise phishing attempts, secure their workstations, and handle sensitive data — businesses can significantly reduce the risk of accidental breaches. CEOs must also ensure that incident response plans are in place. In the event of a breach, having a clear protocol for containing the issue and notifying affected parties can mitigate damage.
Encryption is another essential tool in the data protection arsenal. By encrypting sensitive data, businesses can ensure that even if information is intercepted, it cannot be easily accessed or misused. Regular audits of data systems and security measures can help identify vulnerabilities before they are exploited.
Ultimately, the convergence of digital and physical security is no longer a theoretical concern — it is a reality for Nigerian businesses. CEOs who fail to recognise the importance of integrating data protection into their broader security strategies risk facing regulatory penalties, financial losses, and a loss of customer trust. As more Nigerian companies embrace digital transformation, the role of the CEO in overseeing both physical and digital security has never been more critical.
Nigerian businesses must shift their mindset and view data protection as an integral part of their overall security infrastructure. By implementing strong access controls, training employees, encrypting data, and having a robust incident response plan, CEOs can protect their businesses from the growing threats of data breaches. In today’s interconnected world, securing both physical and digital assets is not just good practice — it is essential for business survival.
- business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com
Oil windfall expectations from the Middle East crisis