In this survey, we have relied upon the respondents’ self assessments. Their responses have been presented with no modification or adjustment in an attempt to preserve the integrity and anonymity of the responses. We have not verified the accuracy or completeness of the information provided by the respective respondents.
Overall, our respondents were moderately familiar with cyber security management techniques and generally exhibited a positive attitude towards pro-active risk management. However, the general sentiment amongst survey respondents was that Namibia in general is not a high risk target for cyber crime. This is contrary to published data from internet security companies such as Symantec™, Verizon and the Ponemon Institute, which generally indicate a rise in activity globally as well as a rise in costs associated to successful breaches.
The results of the first Deloitte Cyber Security Survey for Namibia indicate that there is inconsistent appreciation and awareness of the risks and benefits of cyber security management in the Namibian market. We are pleased to note increased awareness of cyber security risks and increased commitment to appropriate responses in certain sectors, especially with regard to having proactive plans and controls in place. However, it is clear from responses in other areas and sectors that Namibia is still in the infancy of cyber security awareness and management.
The following are the high level findings of this survey:
- There is a lack of awareness of cyber risk;
- Accountability for cyber security is assigned, but not always to the correct level of personnel;
- There is a lack of high-level direction and governance for the management of information assets;
- Budgets for IT as a whole are comparable to global standards, but may be too low for the strategic development of information asset management;
- There is room for improvement on skills and training.
A number of Namibian industries are faced with the growing prevalence of Internet of Things and industrial control systems, which are generally maintained by parts of the business that do not necessarily have special training in information security and therefore do not always put adequate control measures in place. This causes these systems to become easy targets for malicious intent.
We would like to thank all the respondents to our survey for their time and efforts in providing us with valuable insight into the Namibian cyber security landscape. We trust that this report will contribute to the continued awareness of cyber security risk in Namibia.