Q: What does your role as the Assistant Director of Cybersecurity at the Eswatini Communications Commission (ESCCOM) entail? What does your Unit do?
A: In a nutshell, I am responsible for overseeing the country’s cybersecurity strategy, ensuring that measures are in place to protect critical infrastructure. I also lead national cybersecurity capacity building and incident response efforts while collaborating with stakeholders across the public and private sectors to strengthen the country’s overall cyber resilience. I am also responsible for developing cybersecurity awareness programs to ensure that citizens practice good cyber hygiene. My unit manages national cyber incidents, monitors the internet for threats targeting Eswatini organizations, and provides advice to all stakeholders when a threat occurs. We promote national initiatives to develop a skilled cybersecurity workforce, and we propose, support, and review cyber laws, legislation, and frameworks.
Q: The global cybercrime industry is reportedly worth trillions of dollars. What is Eswatini’s standing in fighting cybercrime, especially compared to neighboring countries?
A: According to the Royal Eswatini Police Service (REPS), Eswatini lost approximately E15.9 million to cybercrime between September 2024 and September 2025. The highest rates of crime and scams happen in digital financial services, especially in mobile wallets and internet banking. This amount is small compared to South Africa, which loses about R2.4 billion to cybercrime. However, comparing cybercrime across countries is hard for several reasons, mainly due to differences in definitions, reporting practices, legal systems, and technical capacity.
The country participated in a survey called the Global Cybersecurity Index (GCI) conducted by the International Telecommunications Union (ITU) in 2024. The GCI measures how well a country is prepared to prevent, detect, and respond to cyber threats. It focuses on cybersecurity capabilities, assessing a country’s cybersecurity maturity and preparedness, and not the number of crimes. GCI scores are based on 5 pillars namely:
• Legal measures – Cybercrime laws, data protection laws
• Technical measures – Existence of CSIRTs, cyber drills, detection systems
• Organizational measures – National strategies, public-private coordination
• Capacity building – Training, education, cybersecurity programmes
• Cooperation – International and inter-agency coordination
Eswatini, along with two neighboring countries (Botswana and Mozambique), is rated as establishing in terms of cybersecurity readiness. The areas for potential growth include capacity building and technical measures. In Africa, Eswatini ranks 13th out of 44 countries. This represents an improvement over the previous GCI ranking of 26.
Q: How does the country balance its goal of becoming a digital-first nation with the need to protect itself and its citizens from cybersecurity threats?
A: Becoming a digital-first country means adopting digital services, infrastructure, and innovation across all sectors and national priorities. However, this also increases cyber risks, so cybersecurity must be integrated from the beginning rather than added later. Eswatini is on the right track by using a multi-layered approach to cybersecurity. The country has drafted regulations and will issue directives that include mandatory legal and technical requirements for critical information infrastructure.
To promote good cyber hygiene, ESCCOM runs targeted awareness campaigns to educate citizens and organizations about cyber risks. To develop a skilled workforce, in partnership with EIMPA and the Ministry of ICT, the Commission holds technical workshops and provides free cybersecurity courses open to the public. This strategy ensures ongoing protection of critical infrastructure, essential services, and personal data while encouraging innovation and building trust in the digital environment for citizens and businesses.
Q: ESCCOM’s Chief Executive, Mvilawemphi Dlamini, mentioned during this year’s Cybersecurity Awareness Month launch that more funding is needed to combat cybercrime. As a Commission, are you discussing resource mobilization with the government and other stakeholders?
A: Since the Cybersecurity Agency was established in 2022, it has not received any direct government funding to support national cybersecurity efforts. As a result, the Commission operates with limited resources, which significantly restricts its capacity. Nevertheless, we continue to engage with the government and regularly seek support from stakeholders to advance key cybersecurity initiatives. For example, we have partnered with UNESCO on a Child Online Safety project and obtained funding from the UK Government to enhance the capabilities of law enforcement and the judiciary in fighting cybersecurity threats and cybercrime.
Q: What are some initiatives your Office has implemented or is currently undertaking to combat cybercrime in the country?
A: Our approach to fighting cybercrime is multi-faceted and emphasizes awareness, capacity building, research, partnerships, and incident response. Firstly, awareness and outreach are key parts of our efforts. We tailor our awareness campaigns to different audiences. For instance, when visiting schools, our messages vary based on the students’ age groups. We also participate in community outreach whenever invited, such as during the Day of the Elderly event hosted by the Deputy Prime Minister’s Office, where we raised awareness about online scams and ways to protect against cyber threats. Beyond schools and communities, we engage with organizations and churches. We always encourage these institutions to invite us to hold awareness sessions on cybersecurity and safe online practices.
We also focus on capacity building. This involves equipping stakeholders within the cybercrime ecosystem with the knowledge and tools they need to combat cybercrime effectively. For example, last year we conducted a capacity-building exercise for prosecutors and law enforcement officers, focusing on the Computer Crime and Cybercrime Act, explaining what the offenses entail and how to collect digital evidence properly. We also create supporting documents and guidelines, such as our Cybercrime Guidelines for Law Enforcement, to enhance investigation and prosecution capabilities.
Thirdly, we invest in research and benchmarking. By conducting research and assessing our cybersecurity maturity, including participation in international surveys, we can identify our strengths, gaps, and areas for improvement. This allows us to refine strategies and policies to combat cybercrime more effectively. Finally, we have an Incident Response Team (IRT) within ESCCOM that monitors the internet for potential threats targeting Eswatini organizations. We have the tools to detect such threats, and whenever an incident occurs, we quickly notify and advise the affected organization on appropriate response measures. Overall, our work focuses on raising awareness, building capacity, enhancing readiness, and responding quickly to incidents, all to foster a safer and more resilient digital environment for everyone in Eswatini.
Q: What are the most common types of cybercrime you see in the country?
A: The most common types include mobile wallet fraud (fake scams), phishing, cyberbullying, and cyber harassment. Financially motivated scams continue to pose the greatest threat, especially as the use of digital banking expands.
Q: Which age group is targeted most in the country, and why?
A: Senior citizens are among the most targeted groups because they are generally less familiar with digital platforms and online security practices. However, young people are also vulnerable, especially to cyberbullying and exploitation through social media.
Q: Media reports claim that local large corporations and small businesses don’t report cybercrime incidents because they’re afraid of reputational damage. What have you observed?
A: That is true to some extent. Big corporations often worry about how disclosure might impact their reputation or customer trust. However, the culture is shifting. Last year, we had only one corporate incident reported to us. This year, the number has increased, indicating growing confidence in our processes and a greater recognition of the importance of collaboration. The Commission continues to strongly encourage organizations to report such incidents because reporting is essential; it helps us better understand the national threat landscape and develop appropriate interventions to protect the wider business community.
Q: Cyberbullying is a significant issue, especially for young children. What actions is the Commission taking to address this, and similarly, what should parents and guardians do to safeguard their children?
A: The Commission has launched multiple initiatives to combat cyberbullying. We continue to run nationwide awareness campaigns in schools, communities, and churches, advocating responsible online behavior among young people. Additionally, we are developing a Child Online Protection Strategy to safeguard children from potential online threats while enabling them to use digital technology safely and responsibly. During Cybersecurity Awareness Month, we will host a Youth Indaba, where young people can openly discuss digital issues that impact them. For parents, we always recommend open communication with children about online dangers, establishing clear rules for internet use, and monitoring their digital activities. When setting up a child’s device, it’s also important to enter their correct age, as many platforms automatically activate protective features for minors.