Resources
Access regulatory frameworks, global and regional cyber threat reports, and authoritative sources to support executive and board-level digital governance.
Regulatory Landscape: Cybersecurity, Data Protection & Operational Resilience – Zimbabwe
This reference library consolidates the core laws, frameworks, and guidelines governing cybersecurity, data protection, and operational resilience in Zimbabwe. It is designed for executive and board-level awareness, providing authoritative links to current regulations from statutory bodies including POTRAZ, the Reserve Bank of Zimbabwe (RBZ), and the Insurance and Pensions Commission (IPEC).
A. Core Legislation
Cyber and Data Protection Act [Chapter 12:07] (2021)
Issuer: Ministry of ICT & POTRAZ
Key Provisions: Establishes data-protection principles, defines cybercrime offences, and mandates creation of the Data Protection Authority.
Cyber and Data Protection (Licensing of Data Controllers and Appointment of Data Protection Officers) Regulations, S.I. 155 of 2024
Issuer: POTRAZ
Key Provisions: Introduces licensing for data controllers, DPO appointments, and compliance obligations.
B. Financial Sector (Banking and Fintech)
National Payment Systems Cybersecurity Framework (2021)
Issuer: Reserve Bank of Zimbabwe (RBZ)
Purpose: Sets out cybersecurity and resilience controls for all NPS participants.
RBZ Guidelines, Directives & Circulars
Issuer: Reserve Bank of Zimbabwe (RBZ)
Purpose: Includes operational risk, mobile banking, and incident reporting directives.
Banking Act [Chapter 24:20]
Issuer: Ministry of Finance / RBZ
Purpose: Governs prudential and operational resilience; basis for supervisory directives.
C. Insurance and Pensions Sector
Insurance (Amendment) Regulations, S.I. 206 of 2019
Issuer: Insurance and Pensions Commission (IPEC)
Purpose: Amends insurance regulations; includes governance and compliance aspects.
Risk-Based Cybersecurity and Data Protection Framework
Issuer: IPEC / Industry Guidance
Purpose: Recommends baseline cybersecurity and data-protection practices for insurers and pension funds.
D. Cross-Sectoral / Strategic Reference
National ICT Policy (Revised 2021)
Issuer: Ministry of ICT
National Cybersecurity Policy and Strategy (2021)
Issuer: Government of Zimbabwe
Data Protection Authority Portal
Issuer: POTRAZ
Digital Operational Resilience Act (DORA)
Issuer: EUR-Lex – Regulation (EU) 2022/2554
Key Provisions: Elevates operational and ICT resilience in the financial sector from best-practice to legal obligation, mandating harmonised governance, incident reporting, third-party oversight and threat-led testing for financial entities operating in the EU.
DRI International (DRII)
Issuer: DRI International
Key Provisions: A global professional body that defines the standard of competence and practice for business continuity and resilience professionals worldwide — providing the foundational framework by which organisations build resilient capabilities to meet increasing regulatory and operational expectations.
Global Frameworks & Standards
Authoritative international frameworks and standards that provide the foundation for building cybersecurity, resilience, and information security capabilities across organisations globally.
ISO/IEC 27001
Authority: International Organization for Standardization
Overview: A globally recognised standard that provides the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It offers a structured, risk-based approach to managing information security.
NIST Cybersecurity Framework (CSF) 2.0
Authority: National Institute of Standards and Technology (NIST)
Overview: A widely adopted cybersecurity framework that defines core outcomes and activities across cybersecurity functions. Version 2.0 expands coverage to governance, supply chain risk, and broader organisational risk management.
Essential Eight (Australia)
Authority: Australian Signals Directorate (ASD)
Overview: A set of eight prioritised cybersecurity mitigation strategies developed by the Australian Signals Directorate to help organisations reduce exposure to common cyber threats. It provides a practical baseline for uplift across prevention, response, and recovery.
ISM Controls & PSPF (Australia)
Authority: Australian Government – Cyber Security Centre & Department of Defence
Overview: The ISM provides detailed cybersecurity controls for Australian organisations, while the PSPF sets out security policies for protecting people, information, and assets across government entities. Together, they support consistent security governance and technical control implementation.
Links: ISM | PSPF
Data Breaches Reference (Huntress)
Authority: Huntress
Overview: A continuously updated reference listing major global data breaches, offering visibility into common attack vectors, organisational impacts, and lessons learned for improving cybersecurity posture.
Board and Executive Obligations
Essential guidance for board members and executives on their responsibilities regarding information protection, cybersecurity, and business continuity.
Global Cyber Threat Analysis Reports
This document consolidates leading global cyber threat reports for executive and board-level reference. Each report provides insights into the evolving cyber landscape, focusing on risks, threat actors, and strategic trends impacting global institutions across finance, technology, and public sectors.
Verizon 2025 Data Breach Investigations Report (DBIR) – Full Report
Comprehensive and data-driven analysis of over 22,000 incidents and 12,000 confirmed breaches. The most authoritative and balanced view of global cyber threats.
Verizon DBIR 2025 – Executive Summary
Short and accessible version ideal for non-technical board briefings and strategic risk awareness.
CrowdStrike 2025 Global Threat Report – Full Report
Highlights adversary tradecraft, speed of intrusion, and the most active eCrime and state-sponsored groups.
ENISA Threat Landscape 2025 – Booklet
European Union's authoritative summary of the cyber threat landscape with strategic focus on resilience and AI-driven risks.
World Economic Forum – Global Cybersecurity Outlook 2025
Provides strategic insights on global cyber risk interdependencies, leadership priorities, and resilience investment trends.
Cyber Threat Landscape – Africa
This document consolidates leading Africa-focused cyber threat reports suitable for executive and board-level briefings. Each source highlights trends, threat vectors, and governance priorities shaping cybersecurity and digital resilience across the African continent.
INTERPOL – Africa Cyberthreat Assessment Report 2025
Highlights the sharp rise in cybercrime across Africa, including phishing, online scams, and business email compromise. Underscores the gap in regional law-enforcement capacity and the need for cross-border collaboration.
KnowBe4 – Africa Human Risk Management Report 2025: The Human Element in African Cybersecurity
Focuses on the human factor in cybersecurity, employee awareness, behaviour patterns, and organisational culture. Essential reading for boards shaping awareness and culture programmes.
Kaspersky Labs – Africa Cyberthreat Landscape Report 2025
Summarises attack trends across Africa including phishing, ransomware, and web-based intrusions. Provides a quantitative picture of cyber risk distribution across sub-regions.
PwC – East Africa Digital Trust Insights 2025
Evaluates East Africa's readiness for digital transformation and resilience. Emphasises the strategic role of leadership in driving cyber maturity and stakeholder trust.
Cyber Breaches – Notable Case References
Resources coming soon. Check back later for case studies and reference materials on notable cyber breaches.
Cyber Technologies
Resources coming soon. Check back later for technology guides, tools, and implementation frameworks.