While this marks an improvement from just 5% in 2024, the overall level of readiness remains critically low, experts said.

The statistics, based on a recent report from Cisco, reveal significant gaps in cybersecurity infrastructure across the country.

More than half of surveyed organisations (52.89%) still lack sufficient technological tools to handle cyber incidents, while 56.16% do not have dedicated cybersecurity personnel. These deficiencies remain a serious concern, especially as digital transformation accelerates and cyber threats become more complex and damaging.

In 2024, Vietnam recorded more than 659,000 cybersecurity incidents, affecting around 46.15% of public and private institutions. Despite the rising volume and severity of attacks, most businesses still lack the capability, processes or preparedness to respond effectively.

Recent attacks have further exposed the vulnerabilities of critical sectors. In November 2023, a ransomware attack encrypted an entire system within the energy sector. Throughout 2024, similar attacks targetted the securities firm VnDirect, resulting in system-wide encryption, VNPOST, which had 12 servers compromised and a hospital in Hanoi, where nine servers were locked down.

More recently, in April 2025, hackers stole data from three major State-run media agencies. A local bank also suffered a serious breach, with attackers transferring over VND100 billion (approximately US$3.9 million) to accounts under their control.

Deputy Director of the National Cybersecurity Centre under the Ministry of Public Security, Lieutenant Colonel, Tran Trung Hieu, noted that poor reporting habits and a lack of preparedness had hampered response efforts in many of these cases.

“We found that affected organisations often delayed reporting incidents, failed to maintain system logs or had disabled monitoring tools. This makes it difficult to trace the attack and contain the damage,” he said.

He added that many businesses lacked essential contingency plans, such as data back-ups or system isolation protocols, leading to passive and reactive responses during crises. Coordination between internal teams is also often fragmented, while leaders frequently underestimate the true impact of such breaches.

Experts stressed the importance of treating cybersecurity as a strategic issue rather than an afterthought.

“There is no system too small to be attacked. If it’s connected to the Internet, it can become a gateway for a major breach,” said a representative from CMC Corporation, referencing an attack on their own systems that caused a ten-hour disruption in April 2025.

Head of the Technology Research Committee at NCA Vu Ngoc Son said that business leaders must play an active role in enhancing cybersecurity preparedness.

“Cybersecurity is not something you can deal with after a breach. It must be planned early, integrated into your risk management strategy and supported from the top down,” he said.

He added that building an effective defence requires a combination of technologies, well-defined response procedures and regular drills, along with collaboration between businesses and cybersecurity experts.

The NCA also highlighted that the weakest link in most organisations remains human error. Many cybersecurity breaches stem from low levels of awareness and basic mistakes. Experts recommend that training and awareness-raising programmes should be conducted regularly to equip staff with essential cybersecurity knowledge and skills.

Beyond human training, organisations are encouraged to invest in integrated cybersecurity solutions that combine AI-powered monitoring, threat intelligence platforms and real-time analytics. These tools can help detect and respond to attacks early, before they cause widespread disruption.

Experts also advised organisations to establish clear incident response plans, define team responsibilities and maintain updated contact channels with relevant authorities.

“Preparedness includes having communication lines ready to notify law enforcement or cybersecurity experts immediately when an incident occurs,” Son said.

As cyber threats grow more sophisticated, experts warn that Vietnam's public and private sectors must act swiftly to close the readiness gap. Effective cybersecurity will be essential not only for protecting digital infrastructure but also for safeguarding the long-term development of the country’s digital economy.

Vietnam ranked in leading group of cybersecurity countries

Vietnam continues to be among the countries with the highest overall cybersecurity index score in the fifth Global Cybersecurity Index.