Ester Mbathera
The Communications Regulatory Authority of Namibia (CRAN) and the Ministry of Information and Communication Technology (MICT) have renewed calls for urgent reforms to the cybercrime and data protection laws.
This trend is following a rise in cyberattacks and data breaches affecting both the public and private sectors.
The MICT’s spokesperson, Ngaevarue Heuva, said the Data Protection Bill has been finalised and submitted to the Cabinet committee on legislation for review.
The Cybercrime Bill, though redrafted, still requires further refinement.
“During the third Cabinet decision-making meeting for 2025, Cabinet directed the Ministry of Information and Communication Technology to urgently finalise the cybercrime and data protection laws, alongside sector-specific cybersecurity regulations,” she said.
She added that responsibility lies with all custodians of personal data to support affected individuals and ensure that citizens are not left to suffer the financial and emotional consequences alone.
“These attacks would usually take their hard-earned resources, leaving the citizens with financial losses resulting in psychological impact that must be cushioned in one way or another,” Heuva said.
In response to ongoing threats, Heuva said the ministry continues to alert affected entities to vulnerabilities and coordinate with stakeholders in critical infrastructure to strengthen defences.
Between 2022 and 2024, Namibia recorded an estimated 2.6 million cyberattack attempts, according to data from the Cyber Security Incidence Response Team (NAM-CSIRT), a body established under CRAN to coordinate national cybersecurity responses.
The scale of the problem has been highlighted by major breaches, including a cyberattack on Telecom Namibia that led to the loss of 626 gigabytes of sensitive data belonging to over 493,000 individuals, government ministries, state-owned enterprises, and businesses.
A second telecommunications company also experienced a cyberattack, though no information has been publicly leaked.
Last month, Paratus Namibia reported a breach involving 84 gigabytes of compromised data.
“According to the NAM-CSIRT, an estimate of close to 2,608,915 cyberattack attempts or events were recorded between the years of 2022 and 2024,” the ICT ministry stated.
CRAN also previously issued warnings to institutions about inadequate security systems.
In October, it recommended three core measures: Updating firmware and antivirus software, implementing intrusion detection systems to monitor and respond to suspicious activity, and containing ransomware by isolating affected systems to prevent the spread of encryption.
“Organisations are recommended to update the firmware of their devices and/or install the latest antivirus or malware removal tools to scan and quarantine the infection,” CRAN stated.
The second step they advised is the implementation of the intrusion detection systems to monitor a computer’s network or systems for malicious activities or policy violations.
The intrusion detection systems network is a security tool that monitors network traffic and devices for known malicious activity, suspicious activity or security policy violations.
“This helps detect unauthorised access, potential threats, and abnormal activities by analysing traffic and alerting administrators to take action,” they advised.
The last measure is for ransomware incidents.
“A ransomware remediation process starts with containing the ransomware, preventing it from spreading and encrypting additional files by isolating affected systems,” Cran stated.
Certified fraud examiner Melanie Meiring estimates that over 1.1 million cyber incidents were recorded in 2024 alone.
She criticised the lack of legal safeguards and warned that the country remains highly vulnerable compared to countries with established data protection frameworks.
