The Federal Government has recently introduced a new tax law supported by an automated digital system designed to determine who is eligible to pay tax and how much should be paid. Under the new framework, some licensed organisations have been authorised to collect taxes and operate parts of this system on behalf of the government.

While the initiative is expected to improve revenue generation, transparency and efficiency, cybersecurity and data protection experts have raised concerns about its implications for privacy, cyberspace security and the wider economy.

Speaking on the development, Benedict Ugwuja, a cybersecurity expert, professional trainer and Lead Consultant at Cybergon Limited, warned that automated tax systems rely heavily on large volumes of personal and financial data. According to him, such systems process highly sensitive information including identity records, income details, transaction histories and business data, making them prime targets for cyber attacks.

Ugwuja explained that once tax data is compromised, the consequences go beyond financial loss. Exposed taxpayer data can be used for identity theft, fraud, blackmail and sophisticated social engineering attacks. He added that a loss of trust in government systems could also reduce voluntary compliance and undermine long term revenue objectives.

He recalled a previous incident in which a Nigerian government revenue organisation was hacked, noting that to date, the full scope of the breach and the data affected remain unclear. According to him, the incident serves as a strong reminder that digital revenue platforms are attractive targets and must be protected with more than basic compliance measures.

Ugwuja also highlighted the broader economic implications, stating that modern businesses depend heavily on digital infrastructure. Any disruption to tax systems caused by cyber attacks can slow business operations, damage investor confidence and negatively affect the economy. In a digital economy, he noted, cybersecurity is a foundational requirement, not an optional add on.

He called on technology stakeholders, including government agencies, licensed tax operators, system developers, cloud service providers and data processors, to take proactive responsibility for securing taxpayer data. He stressed the need for strong security architecture, continuous vulnerability testing, encryption, access control, real time monitoring and well tested incident response plans.

According to Ugwuja, strict compliance with the Nigeria Data Protection Act must go beyond documentation. Organisations handling tax data must implement practical data protection controls, apply data minimisation, restrict access on a need to know basis and ensure transparency in data processing.

He further emphasised the importance of capacity building, noting that many cyber incidents result from poor configurations, weak systems and human error rather than advanced attacks. Regular training for technical teams, Data Protection Officers and operational staff is essential to reducing risk.

Ugwuja also advocated for stronger oversight, independent security assessments and deeper collaboration between government and private sector cybersecurity experts. He noted that globally, critical national systems are protected through shared responsibility models that combine public oversight with private sector expertise.

He disclosed that the automated tax system scenario has now been incorporated into Cybergon’s cybersecurity and data protection training programmes. Through real life simulations, trainees learn how such systems can be attacked and how they should be defended, with the goal of preventing incidents before they occur.

As Nigeria continues its digital transformation, Ugwuja concluded that revenue growth, privacy protection and national security must move together. Without strong cybersecurity and practical data protection, even the most advanced digital systems risk becoming liabilities rather than assets.