Reported by: Ijeoma G | Edited by: Oravbiere Osayomore Promise.
As Nigeria’s financial sector continues to deepen its digital transformation, leaders within the banking industry are raising the alarm over escalating cyber risks that threaten institutional stability, customer trust and systemic resilience. At the centre of this chorus for change is Aina Amah, chairperson of the Association of Chief Audit Executives of Banks in Nigeria (ACAEBIN), who this week issued a pointed appeal to all Nigerian banks to fully decommission outdated servers and technology infrastructure — a move she says is critical to curbing cyber attacks that have become both more frequent and more sophisticated.
Amah’s remarks came during ACAEBIN’s annual retreat and general meeting in Lagos, where industry leaders, auditors, cybersecurity experts and regulatory stakeholders convened under the theme “Navigating Future Technology and Governance Risk in the Nigerian Financial Sector.” Her plea was clear: in an era where digital banking operations are central to strategy, customer experience and competition, cybersecurity cannot be relegated to a technical afterthought.
“Legacy systems and poorly decommissioned servers represent real vulnerabilities,” Amah stressed. “Cyber attackers continually seek out gaps, outdated software or forgotten machines that remain connected. If you are taking a product out of use, make sure that it is fully removed — because redundant servers can be exploited to wreak havoc.”
Her warning reflects a broader industry recognition that cyber risks have become among the most significant technology-driven threats facing banking institutions. As banks embrace digital platforms, cloud services, artificial intelligence and interconnected third-party systems, they simultaneously expand their attack surface — creating more entry points for bad actors who are constantly innovating their tools and techniques.
Historically, internal auditors focused primarily on financial compliance and governance. But as the digital footprint of banks has expanded, so too has the role of auditors. Amah argued that internal audit functions now sit at the forefront of institutional risk management, tasked with ensuring that digital assets are protected, system vulnerabilities are identified and controls are continuously validated.
She urged financial institutions to strengthen their security perimeters, conduct regular penetration tests, and perform frequent vulnerability assessments — not merely to satisfy regulatory checkboxes but to fortify their systems for genuine resilience. “As you advance in technology, bad actors also evolve,” she said, underlining the need for proactive, rather than reactive, cybersecurity postures.
The call for a shift in mindset aligns with earlier industry advocacy urging bank auditors to adopt broader cybersecurity competencies, such as digital risk assessment, cyber hygiene advocacy, and cloud-risk evaluation — all crucial elements in modern digital assurance frameworks.
Despite ongoing investments in advanced technology and cyber defences, many banks still maintain legacy systems that serve as weak links in complex IT environments. These outdated servers may lack up-to-date security patches, modern encryption standards or comprehensive monitoring — making them attractive targets for cybercriminals.
Fully decommissioning old servers involves more than simply unplugging them; it requires securely extracting them from networks, thoroughly wiping data, revoking all access credentials, and ensuring that no residual connections remain. Central banking guidelines also stress the importance of documenting and reviewing all third-party service connections and access privileges to prevent orphaned access points that could be exploited.
Cybersecurity analysts have long noted that the increasing frequency of digital financial transactions — whether through online banking, mobile apps, or real-time payment systems — makes the sector especially attractive to cybercriminals. Losses from fraud and cyber breaches have been documented in the billions in recent years, with Nigerian banks and customers reporting significant exposures.
Echoing Amah’s concerns, Adegoke Adejumo, Chief Information Security Officer at Signature Bank, warned that heightened interconnectivity among financial platforms — while beneficial for seamless transactions — also introduces additional risk vectors. He pointed out that rapid interactions between systems can inadvertently provide pathways for attackers if defences are not properly aligned.
Industry discussions increasingly suggest that tackling cyber threats requires a holistic approach that blends technological upgrades, human capacity building, regulatory oversight, and strong institutional governance. Collaboration across institutions, regulators, third-party service providers, and auditors is regarded as essential to building a resilient financial ecosystem capable of withstanding sophisticated threats.
The concerns voiced by ACAEBIN are reflective of a broader cybersecurity landscape in Nigeria, where both public and private sector actors have grappled with rising incidences of cybercrime. The recent suspension of a proposed national cybersecurity levy following public backlash highlighted the ongoing debate about how best to resource and strengthen national cyber defences while balancing economic pressures.
As the digital economy continues to grow, experts emphasize the importance of multi-layered security architectures, customer education on fraud risks, and adoption of forward-looking technologies such as artificial intelligence-driven threat detection. These measures are increasingly considered vital not just for risk mitigation, but for sustaining confidence in financial systems and preserving competitive advantage.
ACAEBIN’s call to fully decommission legacy servers is being interpreted by many financial leaders as a wake-up call for Nigeria’s banking sector to treat cybersecurity as a boardroom priority. The implications extend far beyond individual institutions; they impact national financial stability, investor confidence, and the integrity of the broader digital economy.
With cyberattacks now recognized globally as a major operational and systemic risk, Nigerian banks face mounting pressure to modernize legacy infrastructure, enhance audit capabilities, and embed security at every layer of their digital transformation journey. In doing so, the sector aims to protect not only financial assets and customer data, but also the trust that anchors the nation’s evolving digital economy.
As banks work to modernise their technology stacks and strengthen defences against evolving threats, collaborative efforts between auditors, IT professionals, regulators, and law enforcement will be key to building a more secure and resilient financial sector capable of withstanding the complex cyber risks of the digital age.
📩 Stone Reporters News | 🌍 stonereportersnews.com
✉️ info@stonereportersnews.com | 📘 Facebook: Stone Reporters | 🐦 X (Twitter): @StoneReportNew | 📸 Instagram: @stonereportersnews
Add comment
Comments