Reversing Vietnam’s rising cybercrimes: Steps to better-securing enterprises and business
With October being Cyber Awareness Month, now is an apt time to address one of Vietnam’s most pressing risks: cybercrime
The year 2025 could become the tipping point in Vietnam’s fight against online crimes. Last year, almost half of Vietnamese organisations were targeted by cyberattacks, and given the rapid proliferation of these crimes over previous years, it is highly likely that over half of organisations here will encounter one in 2025. By comparison, some 13,900 such attacks were reported in 2023; a year later, this number rose to an estimated 659,000.
Cybercrime is now one of the country’s top risks for businesses, government entities and the Vietnamese public at large. It is not uncommon to read about a high-profile attack on a weekly basis. Indeed, there have been some noteworthy victims over the past few years. These include Vietnam Post, Hanoi Hospital, securities firm VnDirect, and three major state-owned media agencies, among many others. The motivations appear to have been varied, with some wanting to expose sensitive data, others wanting to extort cash, while a handful are seeking to damage the reputations of victims.
According to the World Cybercrime Index, Vietnam experiences the highest number of cybercrimes in Southeast Asia. Moreover, the amounts of money stolen are staggering: in the fraud space for instance, US$744 was lost to online scams alone in 2024.
Unprepared and ill-equipped
Many observers at home and overseas question why the nation has become such a prime target for both domestic and foreign perpetrators. The simple answer to this is money.
The economy of Vietnam has experienced high growth over the past few years, expanding by an average of around 7% yearly since 2022. Vietnam has benefitted enormously from the China Plus One strategy of international manufacturers and service providers. In addition, policies of the Government of Vietnam continue to promote interprovincial competition, which has raised production standards and the general competitiveness of organisations nationally across many sectors.
These factors and others are making Vietnamese companies bigger and more profitable. Technology companies, energy conglomerates and financial institutions have been noteworthy beneficiaries. However, the success of these organisations has also caught the attention of cybercriminals, who in the past few years have caught their victims off guard.
Recently, Vietnam’s National Cybersecurity Association found that almost 90% of enterprises and businesses are inadequately prepared for a cyberattack. Therefore, we need to ask: How can they become better equipped?
Security shortcomings
To remedy the problem, organisations must first identify the reasons behind their cyber shortcomings. Broadly, there remains a lack of cybersecurity personnel within Vietnamese organisations. On one hand, this is the result of there being a shortage of such professionals nationally. On the other hand, it is the result of businesses prioritising expansion over protection.
This is also the case when it comes to installing appropriate cybersecurity tools and technologies. All too often, systems that can help grow businesses are prioritised over those that can shield them against online risks. A further challenge – speaking as a Vietnamese myself – is the risk culture in Vietnam, which tends to be more reactive than proactive. Typically, business leaders tend to not worry about risk events until after they happen, when they should be thinking about them before they strike.
And lastly, understanding the far-reaching consequences of the risks without adequate protection. Overall, cybercrime awareness is low nationally. Not only are businesspeople and the general public unaware of the types of cyberattacks they are exposed to; they also don’t know about the range of technologies that can help protect them against these, as well as the tools that can detect them when they strike. Quite simply, without an appreciation of the wide range of cyber risks they are exposed to, organisations and individuals will continue to ignore these and remain highly vulnerable. So, what must change?
Closing the gaps
Given the lack of cyber awareness within organisations, they should consider investing in skilled, local talent who understand both the risk landscape and the tools to counter these. In the event that they are unable to hire an appropriate professional, they should consider outsourcing this to a reputable, tried and tested cybersecurity vendor. Whether a person or service provider, once on board, organisations should conduct a security audit to fully understand their cyber exposures.
Next, they should set out to identify and fix all weaknesses. Fortunately, there are a handful of tools organisations can leverage to better protect, detect and respond to cyberattacks. Installing multi-factor authentication is one: it is universally acknowledged that single factor approaches like passwords are highly susceptible to being hacked. An endpoint detection and response solution that is widely implemented throughout a network is another measure, as is the ability to deploy cybersecurity software on all devices. Lastly, consider installing robust back-up systems, as hackers typically destroy these during an attack.
The role of insurance
Insurance should also be considered as part of an organisation’s cyber resilience strategy. There are numerous policies that can support businesses when attacks strike. For example, cyber business interruption coverage reimburses the loss of income arising from attacks; forensics cost coverage pays for independent security specialists to identify hackers and ascertain the scope of cyberattacks; while cyber extortion coverage pays for expenses arising from a cyber-extortion event. These are a mere handful of the policies available for organisations.
On top of these, having a wide variety of support services on hand when an attack strikes is critical. As part of our client servicing offering, QBE provides a 24-hour emergency hotline for its policy holders, granting them access to a network of specialised cyber and data security experts, as well as lawyers, communication specialists and others needed to respond to attacks.
To learn more about QBE Vietnam’s cyber coverage visit https://www.qbe.com/cyber/cyber-services. Alternatively, you can contact us for a discussion at [email protected].
For more tips on staying clear of the various cybercrimes, visit my colleague, Sam Russell-Vick’s article here.