The National Cybersecurity Strategy 2019–2024 of the Republic of Seychelles

The National Cybersecurity Strategy 2019–2024 of the Republic of Seychelles, led by the Department of ICT under the Office of the President, outlines the government’s commitment to building national resilience against cyber threats. As the nation becomes increasingly reliant on ICT across sectors, from government services to healthcare and finance, the risk of cyberattacks poses a growing challenge. Recognising this, the strategy adopts a holistic, multi-stakeholder approach to safeguard critical information infrastructure, develop national cybersecurity capabilities, and foster international cooperation.

The vision of the strategy is to ensure that Seychelles remains resilient to cyber threats while continuing to leverage ICT for socioeconomic progress. The mission is to establish a national cybersecurity ecosystem capable of withstanding and responding to evolving digital threats. To achieve this, five strategic goals were set.

First, the strategy calls for a robust legal and regulatory framework. Key initiatives include drafting and enacting a Cyber Crimes Bill aligned with international conventions such as the Budapest and AU Conventions, enhancing police powers to combat cybercrime, training law enforcement and prosecutors, and introducing a comprehensive Data Protection Bill. These efforts aim to modernise laws, ensure effective investigation and prosecution, and protect citizens’ personal data.

Second, the strategy targets the protection of ICT infrastructure and cyberspace. Projects under this goal include establishing a Critical Information Infrastructure Protection (CIIP) framework, promoting business continuity and risk management, ensuring secure software development, and enforcing compliance with security standards in e-government platforms. Additional measures involve national cybersecurity drills, adoption of baseline security standards by all organisations, and mandatory security audits for public institutions.

Third, the strategy focuses on national coordination and governance. It provides for the establishment of a National Computer Emergency Response Team (CERT-SC) and a Cybersecurity Unit (CSU) within the Department of ICT. CERT-SC will serve as the central body coordinating responses to cyber incidents, facilitating information sharing, and managing national CIIP initiatives. CSU, meanwhile, will implement IT security standards across government systems. Organisations will be encouraged to designate senior officers responsible for cybersecurity to ensure continuous institutional engagement.

Fourth, capacity-building and education are critical components. Awareness campaigns, civil service training, cybersecurity education across school curricula, and specialised training for SMEs are planned. The strategy also supports professional development for cybersecurity experts through scholarships, international certifications, and local training programs to address the shortage of skilled personnel.

Finally, the strategy emphasises international cooperation. Seychelles aims to join global cybersecurity organisations, engage with regional bodies like COMESA and SADC, build strong relationships with foreign CERTs, and attend international cybersecurity events. Law enforcement capabilities will be strengthened through partnerships with foreign agencies that can provide forensic and investigative support in complex cybercrime cases.