Online Reporter
Rutendo Nyeve [email protected]
THE financial services sector has emerged as the hardest hit by data breaches and cyberattacks, prompting the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) to call for stronger data management practices across the industry.
This was revealed by Mr Evidence Mazhindu, POTRAZ Deputy Director for the Computer Incident Response Team (CIRT) and Enforcement, during the Insurance and Pensions Symposium held in Victoria Falls on Wednesday.
Presenting on data protection and cyber governance, Mr Mazhindu said the sector is increasingly vulnerable due to the vast amounts of personal data it handles.
According to the regulator, more than 60 data breaches have been reported, while over 100 warrants for search and seizure have been executed as part of ongoing enforcement efforts.
“In the absence of mitigation, the risks are profound,” he warned.
Mr Mazhindu highlighted the growing prevalence of cyber threats such as Business Email Compromise (BEC), ransomware and WhatsApp fraud, noting that criminals are exploiting weaknesses in digital systems to intercept messages, reroute calls and track user locations.
He revealed that 1 123 data controller licence applications have been received so far this year, signalling growing awareness of regulatory compliance. In addition, 1 218 data protection officers have been trained, while over 100 awareness initiatives have been conducted across six provinces.
The financial sector, which includes pension funds and insurance firms, remains a prime target, with pensioners, policyholders and beneficiaries particularly exposed to identity theft and impersonation.
“We have seen cases where scammers know exactly when a pensioner has been paid. This is a failure in data management somewhere along the chain,” said Mr Mazhindu.
To mitigate risks, POTRAZ has urged organisations to comply with the Cyber and Data Protection Act, obtain data controller licences and only partner with licensed entities.
Mr Mazhindu also recommended adoption of international standards such as ISO 27001 and ISO 277001, establishment of sector-specific incident response teams and intensified cyber hygiene awareness programmes.
“Only partner and cooperate with entities with data controller licences,” he said, emphasising that trust in digital financial systems depends on robust data protection frameworks.
