In light of the continued efforts of the Namibian Government to formulate and promulgate an effective law that recognises and regulates electronic transactions and addresses the need to define and criminalise cyber crimes such as electronic harassment and theft of electronic details, cyber security is an emerging topic within the Namibian business environment. Added to this are the effects of globalisation and increased publication of exploitable vulnerabilities, which seem to have put Namibia on the map for cyber criminals.

Download the full PDF report here

This survey is the first of its kind in Namibia and collates and analyses data regarding the policies, procedures and practices followed by Namibian companies to manage and respond to cyber risk and potential cyber security attacks, as well as the impact this has on the company. This will assist users in assessing the general awareness and maturity of cyber security management within the following themes:

• Risk management;
• Skills and awareness;
• Monitoring and proactive incident management; and
• Financial metrics.

The survey was delivered via an electronic questionnaire and was directed at the person chiefly responsible for the oversight and strategic management of information security, such as:

• The Chief Information Officer;
• The Security Officer; or
• The Head of the IT department. 

Given the qualitative and quantitative nature of the responses, we have taken care to ensure that information presented in our survey is anonymous and a fair reflection of the responses received. Once again, we would like to extend our appreciation to the respondents for the time and enthusiasm devoted to providing comprehensive responses. We believe that Namibia is a prime investment destination and provides excellent economic growth potential. Our hope is that this report will contribute to the adoption, implementation and application of strong policies, procedures and controls to mitigate and respond to the growing cyber security threat. We expect that this will lead to greater economic growth and stronger accountability and integration of IT functions with strategy and risk management functions.

In this survey, we have relied upon the respondents’ self assessments. Their responses have been presented with no modification or adjustment in an attempt to preserve the integrity and anonymity of the responses. We have not verified the accuracy or completeness of the information provided by the respective respondents.

Overall, our respondents were moderately familiar with cyber security management techniques and generally exhibited a positive attitude towards pro-active risk management. However, the general sentiment amongst survey respondents was that Namibia in general is not a high risk target for cyber crime. This is contrary to published data from internet security companies such as Symantec™, Verizon and the Ponemon Institute, which generally indicate a rise in activity globally as well as a rise in costs associated to successful breaches.

The results of the first Deloitte Cyber Security Survey for Namibia indicate that there is inconsistent appreciation and awareness of the risks and benefits of cyber security management in the Namibian market. We are pleased to note increased awareness of cyber security risks and increased commitment to appropriate responses in certain sectors, especially with regard to having proactive plans and controls in place. However, it is clear from responses in other areas and sectors that Namibia is still in the infancy of cyber security awareness and management.

The following are the high level findings of this survey:

• There is a lack of awareness of cyber risk;
• Accountability for cyber security is assigned, but not always to the correct level of personnel;
• There is a lack of high-level direction and governance for the management of information assets;
• Budgets for IT as a whole are comparable to global standards, but may be too low for the strategic development of information asset management;
• There is room for improvement on skills and training. 

A number of Namibian industries are faced with the growing prevalence of Internet of Things and industrial control systems, which are generally maintained by parts of the business that do not necessarily have special training in information security and therefore do not always put adequate control measures in place. This causes these systems to become easy targets for malicious intent.

We would like to thank all the respondents to our survey for their time and efforts in providing us with valuable insight into the Namibian cyber security landscape. We trust that this report will contribute to the continued awareness of cyber security risk in Namibia.

For the full results and report, please download the full PDF report here or from the link on the right.