By 
Darren Magumura
Cyber fraud recorded as the largest share of incidents handled by Zimbabwe’s Computer Incident Response Team in 2025, making up 33% of cases.
Data Protection Officer Pride Mukumba released the statistics during a presentation at Potraz’s Media Engagement and Awareness on the Cyber and Data Protection Act [Chapter 12:07] meeting, held last week. The figures showed that fraud accounted for 33% of cases reflecting an increase in online and digital crimes being commited in the country.
“ Cyber fraud cases reported to the Computer Incident Response Team (CIRT) included social media and mobile money scams, fraudulent websites and impersonation schemes that target both consumers and small businesses” said Mukumba.
Fraudulent online and digital platforms have been increasing in Zimbabwe such as the E-Creator online earning platform purported to have operated as a ponzi/pyramid scheme, promising users easy money for simple online tasks such as posting positive reviews and recruiting new members, whose operations abruptly shut down leaving many zimbabwean users unable to withdraw funds, resulting in loss of financial funds invested in the platform.
He further said that Zimbabweans should be responsible for the protection of their personal information to avoid data breaches which could lead to financial loss and reputational damage.
The CIRT breakdown, presented by Mukumba, also showed 27% of cases involved cyberbullying, 17% were classified as hacking, 13% as smishing and 10% as cyber theft. The figures reflect incidents reported to the national response team by individuals, businesses and government agencies during the calendar year.
The statistics were presented against the backdrop of Zimbabwe’s Data Protection and Cybersecurity framework, which aims to regulate the collection and processing of personal information and strengthen national cyber resilience. The Data Protection Act, enacted in 2021, established legal standards for how personal data must be handled.
He went on to put forward the importance of CIRT and its role in protecting national critical infrastructure in the cyber space, also it plays a critical role in scanning the cyber space for threats and also provide advice to data controllers which entail individuals, businesses and organisations that handle sensitive information, to ensure they protect national critical infrastruscture.
The 2025 statistic totals were compiled from complaints and incident reports directed to the POTRAZ Computer Incident Response Team (CIRT), which serves as the national hub for detecting, analysing and coordinating responses to cybersecurity incidents, with Zimbabwe’s Data Protection Act, enacted in 2021, established legal standards for the collection, processing and storage of personal information and created a regulatory office to oversee compliance.
He urged individiuals, organisation, businesses that handle personal and sensitive information to report data breaches to POTRAZ within 24 hours of becoming aware of a data breach as mandated by regulatory obligations.
The law requires organisations that handle personal data to implement safeguards, report breaches and respect individuals’ rights to access and correct their information.
The organizations that collect or process personal information are required to implement safeguards to protect that data and to notify authorities and affected individuals in the event of a breach.
The legislation also provides for penalties for noncompliance and gives individuals rights to access and correct their personal information.
The Computer Incident Response Team (CIRT operates in accordance with POTRAZ’S mandate to protect personal data and to promote safer digital practices, the authority has powers to investigate breaches, issue enforcement notices and impose penalties for noncompliance, officials said, and it has been building partnerships with privatesector firms and international agencies to bolster incident response.
Comments