<![CDATA[The Internet and its transformative technologies have become essential to both emerging and established businesses. While organisations benefit from connectivity, they are also increasingly vulnerable to cyber-attacks, underscoring the need for robust monitoring systems and comprehensive cybersecurity policies. In Namibia, many organisations have cybersecurity policies, yet employees are often unaware of existence of such policies. This study aimed to examine the complexities of cybersecurity policies within Namibian organisations and provide a tailored roadmap for developing, implementing, and ensuring compliance with these policies to suit the unique landscape of Namibian businesses. Using a qualitative approach guided by design science research, data was collected from 21 participants, including Information Technology (IT) and security managers as well as employees from five organisations across various sectors in the country. The findings indicated that Namibian organisations are commitment to cybersecurity through comprehensive policies aligned with international standards. However, organisations face impediments that underscore the need for targeted strategies to overcome barriers to policy enforcement. From these finding a framework was designed with strategies and action plans and evaluated by industry experts. The CSPIC framework was considered Good (rating 2) in most areas by the experts. Gaps in existing frameworks such as usability, adoptability, and budget prioritization were addressed by the proposed CSPIC framework. The Cybersecurity Policy Implementation and Compliance (CSPIC) framework's uniqueness lies in its local adaptability, actionable strategies, and emphasis on leadership and employee engagement.]]>
