This paper reports the findings from a research project on cyber security in the Nigerian Internet banking industry, by presenting the main cyber security breaches it has experienced, along with its cyber security capability and practices. An online survey was conducted with 100 experienced professional working in both the Nigerian banking and banking security service sectors. Our findings reveal a transformation of the Nigerian cybercrime industry from low-tech cyber-enabled crimes to high-tech sophisticated breaches, with viruses, worms or Trojan infections; electronic spam mails; and hacking being the top three most experienced breaches. In term of cyber security practices, banking professionals have received adequate management in both support and training. The lack of advanced technologies to prevent and address cyber security breaches and the unsatisfactory level of legislative compliance, together, appear to be the primary factors that have reduced cyber security capability in our sample of banks.