guest column:Bibi Khofi-Phiri CYBER attacks are increasingly threatening the integrity, privacy and security of individuals and organisations in Zimbabwe, with irreparable damages to their reputation and financial standing. According to the Reserve Bank of Zimbabwe (RBZ) (2015) and the Zimbabwe’s National Risk Assessment (NRA) report, of 2015, cybercrime has contributed to the US$1, 8 billion proceeds generated from criminal activity annually in Zimbabwe. Attackers are not merely interested in stealing funds or holding companies’ information hostage. They now wish to infiltrate and manipulate the entire ecosystem it belongs to. Subsequently, cyber attackers exploit these gaps in systems and functions. This article aims to highlight the necessity of a cyber-security framework that needs to be implemented in Zimbabwe to minimise cyber risk and exposure. Investment in cyber security systems is required to raise awareness and train professionals on the relevance of cyber security. Security features and regulatory enactments are required to serve as a guideline to identify and sanction cyber crime. Support must be given to cyber security strategies that detect and respond to cyber threats. Innovations in cyber security need support from all stakeholders including civil society, organisations, businesses and the government of Zimbabwe. Cyber risk management must be made mandatory and implemented in all organisations. Efficient rapid response is required in the face of threats or attacks in order to mitigate and minimise the exposure and impact of cyber attacks. Investment in cyber security structures and policies need be prioritised and implemented in Zimbabwe to minimise the risk and loss caused by cyber crime. Investment must be done in securing the internal, online and digital frameworks. The framework suggested by the National Institute of Standards and Technology (2018) is a foundational map that is meant to assist in identifying actions to minimise cyber security risk in business. The current framework that governs cyber crime in Zimbabwe is the Constitution of Zimbabwe (Amendment Number 20 of 2013) being the supreme law of the land enshrining all fundamental rights relevant to cyber security such as the right to human dignity (section 51); the right to personal security (section 52); the right to privacy (section 57); the right to freedom of expression and the freedom of the media (section 61); the freedom of artistic creativity, academic freedom (section 61 (1)(d) and freedom of scientific research and creativity (section 61(1)(b)); the access to information (section 62); the right to administrative justice (section 68); the right to a fair hearing (section 69); the right of accused persons (section 70). The Criminal Law Codification Reform Act (Chapter 9:23), the Interception of Communications Act (Chapter 11:20), and the provisions of the Income Tax Act (Chapter 23: 06) and the Postal and Telecommunications Act (Chapter 12:05) remain the backbone of all telecommunications, internet, and electronic based communica