IT experts have advised companies in Botswana to strengthen their information security and warn that most businesses in the Southern African country fall way short of implementing the required level of cyber protection.

Beza Belayneh, Cyber security Architect at the African Cyber Risk Institute, ‎South African Centre for Information Security, says while Botswana's financial sector and foreign-owned companies have generally adopted a stringent approach to cyber security, most organisations in public and private sectors need to do a lot to internalise common practices of information security controls.

"Like many developing countries, only the financial institutions are compliant to some sort of government and industry regulatory requirements," said Belayneh. "International organisations, by virtue of their multinational head office, they also subscribe to fundamental measures to mitigate cyber risk."

Belayneh believes that the absence of consumer protection agencies and a government regulatory authority to enforce cyber risk compliance, there is little incentive for companies to adopt a more proactive stance regarding IT security.

The result is that security is not considered a priority by many organisations and is limited to standard traditional password and firewall driven security controls.

Itumeleng Garebatshabe, CEO of Intellegere Holdings, a Botswana-based IT consultancy, echoes the sentiment. "Most companies, if not all, are not compliant with basic information security principles."

Experts have identified financial fraud (mainly through phishing), malware and ransomware, copyright infringement and espionage, as among the most serious threats to businesses.

"Criminals are always one step ahead of law enforcement across the world ... developing countries are more at risk as they still don't have the right skilled personnel and shortage of resources," said Garebatshabe,

Botswana's current mobile penetration rate stands at approximately 160%, according to 2015 statistics sourced from the Botswana Communications Regulatory Authority.

Last year several public and private institutions were hacked, including leading national newspaper Mmegi which lost twelve years of archived data.

Belayneh called for more intense collaboration to prevent cybercrime from becoming a national crisis.

He added that government should take the lead in establishing a regulatory framework to compel companies housing information on citizens to disclose incidents of data breach.