Digital transformation is spreading widely across the business community, particularly among small and medium-sized enterprises (SMEs), which account for around 98% of all operating businesses in Viet Nam. However, many companies are entering the digital environment with limited resources, a shortage of technology personnel and insufficient incident response experience. A single online scam, data breach or ransomware attack can disrupt business operations, resulting in losses in both revenue and reputation.
Experts have warned that most cyber attacks today are targeting SMEs, as many in this group have yet to invest adequately in cyber security. According to international statistics, around 60% of SMEs are forced to cease operations within six months of suffering a ransomware attack, demonstrating that just one cyber security incident can deprive a business of its operational capacity.
The reality in Viet Nam also indicates that risks are increasing. According to the National Cyber Security Association, around 52% of businesses experienced cyber attacks in 2025. Approximately 552,000 attacks were recorded during the year, with 52.3% of agencies and enterprises reporting actual damage.
Common forms of attack included exploiting system vulnerabilities, account breaches, online fraud and ransomware. These attacks are no longer merely technical issues but have become direct business risks. A ransomware incident can paralyse systems for several days, disrupt supply chains, cause revenue losses and severely damage corporate reputations.
Not only are cyber attacks increasing in scale, but their methods are also becoming more sophisticated. Hackers are shifting from “broad attacks” to “deep attacks”, focusing on exploiting valuable data. Colonel and Dr Nguyen Hong Quan, Deputy Director of the Department of Cyber Security and High-tech Crime Prevention under the Ministry of Public Security and Head of the Data Security and Personal Data Protection Committee under the National Cyber Security Association, said that the development of artificial intelligence (AI) is fundamentally changing attack methods in cyberspace. With AI support, cyber attacks can now be automated on a massive scale and with unprecedented sophistication.
Meanwhile, a major weakness among many businesses today lies in their ability to control data once it leaves internal systems, particularly among foreign direct investment (FDI) enterprises holding large volumes of research data, engineering designs and customer information.
Alongside increasingly complex threats, Viet Nam’s legal framework on data protection is also becoming stricter. Under current regulations, violations may result in fines of up to 3 billion VND (114,000 USD) or 5% of annual revenue. In the context of rapid digital transformation, without a robust cyber security “shield”, the digitalisation process itself could become a major risk for businesses.
The rise in cyber attacks is creating a new requirement for enterprises: not only to undergo digital transformation, but also to build capabilities to protect systems and data. The gap between “having security solutions” and “possessing genuine defence capabilities” remains considerable. According to experts, only around 11% of businesses are adequately prepared to respond to cyber security incidents, while most lack dedicated personnel and incident response procedures. As a result, many companies, despite investing heavily in security tools, still fail to detect critical risks in time.
The core issue lies not in a lack of technology, but in the ability to monitor and manage risks comprehensively. Many enterprises are using isolated security solutions without the ability to connect and analyse data at the system level, causing important alerts to be overlooked.
The rate of ignored or delayed alerts can reach 30-40%, creating dangerous “blind spots” in defence systems. Tran Quoc Chinh, Chief Executive Officer of CMC Cyber Security, noted that in many cases major damage does not stem from the attack itself, but from the failure to detect and control developments in the first critical hours, allowing a technical incident to quickly escalate into an operational crisis.
From the perspective of cyber security enterprises, Nguyen Minh Duc, Founder and Chief Executive Officer of CyRadar Information Security JSC, said that most recent attacks have targeted SMEs because many businesses still do not fully recognise the importance of data protection and have not invested sufficiently in information security. Alongside technology, the human factor remains crucial, particularly in raising employees’ awareness of online fraud schemes.
The Government has issued Decision No. 433/QD-TTg approving the Digital Transformation Scheme for SMEs for the 2026-2030 period, aiming to support at least 500,000 SMEs, including 300,000 enterprises applying digital platforms, digital technologies and AI. This is regarded as an important step in accelerating digitalisation within the business sector while also strengthening capabilities to protect data and digital systems.
Resolution No. 57-NQ/TW dated December 22, 2024 of the Politburo on breakthroughs in science and technology development, innovation and national digital transformation identifies cyber security as a key pillar of national digital transformation. The Law on Cyber Security encourages agencies, organisations and businesses to prioritise the use of “Make in Viet Nam” cyber security solutions, thereby strengthening technological self-reliance and safeguarding digital sovereignty. As data increasingly becomes a strategic asset, the ability to protect data and digital systems will become one of the core competitive capabilities of businesses in the digital era.
