…A closer look at Namibia’s cybersecurity and data protection
By Kondjeni Ndakeva
Fellow Namibian citizens, can we truly trust our institutions to safeguard our personal data? The simple answer is, NO. While this response is blunt, the reality of our digital setting demands a deeper understanding of the risks we face and the urgent reforms needed.
What Happened?
Whether you are a consumer, investor, or a policy maker, we all should be concerned about our data protection.
There have been quite many reports of certain banks in Namibia being compromised, with unauthorized transfers of client funds, yet these breaches often end with no accountability or public apology.
In December 2024, the largest data breach in Namibia’s history happened at one of Namibia’s biggest internet service providers, Telecom Namibia. Ironically, the government-owned telecommunication became the victim of a massive ransomware data breach which impacted over 600 000 customers’ data.
The intrusion was carried out by a group of hackers under the name of “Hunters International.” They had successfully penetrated Information Technology Systems of Telecom Namibia, where sensitive clients’ information was compromised, and a ransom was issued to keep this data from being published.
Stolen information included:
• identification numbers
• account information
• client contracts
• internal financial documents for individuals, private businesses, government agencies, and senior government officials.
These incidents have a very big implication for the cyber reputation of Namibia. Such incidents detract investors’ confidence, exposing the public to fraud, identity theft, and financial loss.
The Interpol African Cyberthreat Assessment Report of 2024 indicated that ransomware was one of the emerging cyber threats in Africa, with common threats such as business email compromise (BEC) and online scams. The report further continues to state that cybercrimes have an impact of up to USD 4 billion in financial loses in Africa alone.
What Namibia can learn from other nations
Technology is developing at a tremendous rate, and most countries have already come up with legislations that can regulate data protection.
For instance:
1. Europe’s General Data Protection Regulation (GDPR):
• GDPR safeguards the data of users and makes companies responsible in case of a leak. This is the reason most users encounter the cookie consent pop-up when visiting any website. These laws make sure companies have stringent security protocols to safe guide users’ data.
2. South Africa’s POPIA- Protection of Personal Information Act:
• POPIA specifies how data must be collected, used, and stored. It makes the responsible organisation accountable for non-compliance, and the penalty begins from USD 500,000 with up to 10 years of imprisonment.
• Citizens affected can, under POPIA, sue and receive fair compensation.
All these legislations force organisations to take cybersecurity seriously and protect users’ data. Namibia equally needs to take these measures to secure its digital landscape.
Lack of legal frameworks in Namibia
Unfortunately, Namibia’s existing legal framework is vague when it comes to cyber activity. The Electronic Transactions Act of 2019, primarily focuses on traditional cybercrimes such as Denial of Services (DoS) attacks, hacking, falsification of electronic documents but fall short in regulating crimes like cyberbullying, identity theft, defamation of character, misuse of deepfakes, and the misuse of Artificial Intelligence etc. Moreover, the Act does not clearly establish consequences or accountability of organisations when breaches occur.
While private institutions such as banks are required to comply with standards such as the Payment Cards Industry Data Security Standard (PCI DSS), there are no comprehensive laws in Namibia holding these institutions accountable in the event of a cyber breach. This gap leaves consumers unprotected.
Compounding the issue, both the Data Protection and Cybercrime Bills have been stalled in the legislature since 2013. This is due to the rapid change in technology and by the time the bills are done with public consultations they are obsolete when they reach the National Assembly for discussion and end up being sent back for further consultations. At the rate of technological advancement, these proposed laws risk being outdated before they are even implemented.
What Namibia urgently requires is:
• Dynamic and revised technology law: To be reviewed from time to time in tandem with the advancement in emerging technologies.
• Stringent controls: To prevent user data from being jeopardized and to hold organizations accountable for any infringement.
• Ad hoc regulations by the regulator: CRAN must propose interim regulations which will protect information up until the time legislations have been passed.
Failing that, Namibia remains susceptible to cyber intrusion and data breaches.
The way forward
The government in collaboration with private sectors need to:
• Engage the public on consumer right protection.
• Engage and educate the public on cybercrimes and it’s negative impact to individuals.
• Carry out rigorous campaigns on digital literacies and online protection In the meantime, Namibians need to take care of themselves:
• Protect your identity: Let your personal details go out to entities you are confident you trust and do have verification of the authenticity of such entities.
• Demand transparency: Ask organizations about their data protection policies before yielding sensitive information.
At the national level:
• Fast-track legislation: The National Assembly should accelerate the enactment of the Data Protection and Cybercrime Bills.
• Empower CRAN: Allow regulators to develop interim data protection regulations.
• Raise awareness: Sensitize citizens to cybersecurity threats and measures for prevention.
Until when stringent laws are passed, Namibians need to be very precautious. At a personal level, I have resolved not to disclose valid personal information to anybody who cannot identify themselves or legitimise their query. Small step, but that would go a long way.
The country’s future in the digital era depends on how seriously we take the issue of cybersecurity and data protection today. Let us mobilise for responsibility, better legislation, and personal caution to safeguard our information, cyberspace and our nation.
*Kondjeni Ndakeva is a Data Scientist, Software Developer and Database Administrator with a master’s degree in data science. He is passionate about leveraging data to drive impactful decisions and enhance democratic accountability in Namibia.
