Ester Mbathera
In 2024, Namibia experienced approximately 1.1 million cyber attack incidents, notably a significant breach at Telecom Namibia, where 626GB of sensitive data was exposed.
A fraud examiner, Melanie Meiring from SoA Growth & Integrity Consulting, in a statement shared recently, said cyber threats are no longer a distant concern for the country.
“They are happening right now, and at an alarming rate,” she said.
These cyber incidents target businesses, government entities, and individuals, and they involve fraud, phishing scams, and ransomware attacks.
Despite the rising threats, Namibia has yet to enact the Cybercrime Bill or the Data Protection Bill, leaving a gap in the legal framework necessary to combat cyber threats effectively.
“But does this mean we should wait for the government to act before taking steps to protect ourselves? Absolutely not. Proactive fraud prevention and cybersecurity strategies are the best way to stay ahead of cybercriminals,” she said.
Many countries have had cybersecurity laws in place since 2018.
Meiring said while Namibia is still in the process of finalising its approach, cybercriminals continue to exploit weak security systems, outdated controls, and untrained employees, leaving both private businesses and government entities exposed.
Namibia’s Cybercrime Bill remained unfinalized for nearly two decades.
Meiring said some of the delays are because cybersecurity has not been seen as urgent compared to other national issues.
“Ignoring it is no longer an option,” she said.
She warned that technology evolves quickly, and every new draft of the bill risks becoming outdated before it is even enacted.
“The longer we delay, the wider the gap becomes between cybercriminals and law enforcement. In other countries, cybersecurity frameworks are continuously updated—something Namibia must prepare for if it wants effective legislation,” she said.
According to Meiring, another delay is that the country needs to have its Cybercrime Bill aligned with global cybersecurity agreements, such as the Budapest Convention on Cybercrime.
This international alignment is crucial for tracking cybercriminals across borders and ensuring that the country is compliant with global best practices.
She said adapting laws to fit international standards takes time, and revisions to the bill have caused further delays.
Another fact that is causing the delay in enacting the bill is balancing cybersecurity enforcement with privacy rights.
Civil society organisations have raised concerns that previous bill drafts lacked strong data protection provisions.
“The Data Protection Bill is supposed to fill this gap, but just like the Cybercrime Bill, it is still under development. These challenges explain why the legislation has not yet been finalised—but cybercrime isn’t waiting for laws to be passed. Businesses and individuals need to take cybersecurity into their own hands—starting today,” she said.
On several occasions, the minister of information and communications technology (MICT), Emma Theofelus, confirmed that the country’s Data Protection and Cybercrime Bills are nearing completion.
The bills aim to protect citizens’ personal information amid rapid technological advancement.
Paul Rowley of My Digital Bridge Foundation, whose mission is to enrich the lives of marginalised communities through equitable access to technology, last year also said a comprehensive data protection act in Namibia could have significantly reduced the damage caused by the cyberattacks.
According to him, the Data Protection and Cybercrime Bills could have established clear guidelines and obligations for data controllers and processors.
“Robust policies would mandate stringent security measures for protecting personal data, reducing the risk of breaches. Legislation would also hold organisations accountable for data breaches, imposing fines and penalties, which could incentivise better data protection practices,” he said.
