IT security incidents have evolved over the past few decades from isolated information system attacks to deliberate, focused and complex cyber dangers at even national, institutional or individual level. Digital technology's interconnectedness has many advantages, but it also creates a number of new risks that have broad ramifications. Even though the phrases are sometimes used synonymously, information security and cyber security are not the same. The transition from information security to cyber security was covered in this study, primarily as a paradigm shift in the defense against persistent threats. While it was sufficient to undertake basic defense against "common" attacks in the information security era, organizations now need to develop clever, creative, and effective controls to identify and stop sophisticated and emerging cyber-attacks. Cyber security initiatives should now involve the entire organization, including participation from all staff members, rather than just IT departments or designated persons. Cyber security should be strategically connected with corporate strategy, just as digital technologies are. We have carried out preliminary research on the level of maturity of security measures in Nigerian large firms that are associated with vital or significant national infrastructure. We concluded that while basic protection works well, there is still space for improvement when it comes to implementing more sophisticated controls and pursuing a shared goal of comprehensive cyber security governance.

--