By: Hee-Dee Walenga
A panel discussion at the 3rd annual Namibia International Cybersecurity Conference & Exhibition saw various industry experts gauge what it would take for Namibia to move from policy documents and framework language to real implementation and accountability.
The panel consisted of Pauline Omollo, Head of Business Development in Africa for Silensec; Muvhango Livhusha, Vice President of ISACA; Selma Shivute, Deputy Director of Information Technology at the Ministry of Industries, Mines and Energy; Ester Nghipandulwa, Legal Practitioner at the High Court of Namibia; Petrus Kafidi, General Manager of Information & Communication Technology at NAMFISA; and Job Angula, Head of IT Risk & Control at Just Eat Takeaway.com.
The panel was moderated by Melanie Meiring, Managing Director of SoA Growth & Integrity Consulting.
Omollo, from Kenya, stated that governments should have at least three levels of cybersecurity standards: International Telecommunication Union (ITU) governance practice, Information Security Management Systems (ISMS) ISO 27001 standard, and ensure that the frameworks are adhered to when called upon.
“A practical approach is to adopt an international framework such as the ISO 27001 and layer local requirements such as NAMFISA regulations on top of that instead of building something from scratch,” Angula added.
Omollo called for nations to look beyond ticking compliance boxes when it comes to cybersecurity. She explained that it makes no difference to an attacker if a country or organisation has passed certain cyber audits, as they look for small gaps to exploit such as how a team communicates during a cyber attack.
“You need to have practiced what is in the book. We need to move from ticking the boxes, to action-oriented status. You have to put what is in the compliance book into action when it is required,” she explained.
Kafidi stated that international cooperation can accelerate national resilience building efforts by providing early warnings of threats between countries, capacity building and skills transfer, and the sharing of standards, good practices, and costs.
On several occasions, the panelists referenced that the absence of the data protection and cybercrime bills makes the landscape difficult to navigate for organisations around the country.
Nghipandulwa emphasised that the cybercrime, data protection, and access to information bills need to be fast-tracked, with amendments to the criminal cooperation and extradition acts to support national cyber resilience.
“The absence of the law does not justify inactivity. If the law on private security is being drafted, it doesn’t take away the responsibility for you to lock your house,” the NAMFISA GM of ICT cautioned.
Cybersecurity is a global issue. According to the State of Human Risk (SOHR) 2026 Report, a single insider-driven data exposure event costs organisations an average of $13.1 million, and organisations experience an average of six such incidents per month – equating to nearly $943.2 million in annual losses.
