Safeguarding data security in the digital age

In the digital age, data has become a strategic resource that underpins the digital economy, a nation’s competitiveness and the stability of society. Unsurprisingly, it has become a prime target for cybercriminals intent on manipulating behaviour, diverting financial flows, undermining public trust and eroding digital sovereignty.

Data has become a strategic resource that underpins the digital economy, a nation’s competitiveness and the stability of society.
Data has become a strategic resource that underpins the digital economy, a nation’s competitiveness and the stability of society.

Viet Nam’s cyber‑security landscape is undergoing a marked shift. While the number of attacks in 2025 declined, the proportion of organisations reporting actual damage rose to 52.3%. Campaigns frequently target critical systems in banking, finance, energy, telecommunications and state agencies.

According to the Department of Cybersecurity and High‑Tech Crime Prevention (A05) under the Ministry of Public Security, more than 502 million organisational records were exposed in the third quarter of 2025 alone — the highest figure ever recorded. Such leaks threaten privacy and information security, and increasingly fuel personalised fraud driven by artificial intelligence (AI).

Vu Duy Hien, Deputy Secretary‑General and Chief of Office of the National Cybersecurity Association, noted that attacks have shifted from mere system disruption to seizing data, exploiting digital identities and manipulating user behaviour. The consequences now extend beyond economic loss to directly undermining social trust, national security and citizens’ lawful rights in cyberspace.

Safeguarding data and privacy is not merely a technical or compliance matter; it is inseparable from national security, digital sovereignty, human rights and social trust in the digital era.
Major Tran Trung Hieu, Deputy Director of A05’s National Cybersecurity Centre

The National Cybersecurity Association attributes many breaches to weaknesses in data governance. Four pressing issues stand out: excessive data collection without adequate safeguards; lax access management; absence of monitoring, detection and early‑warning tools; and insufficient risk assessment when data are stored, processed or transferred across diverse platforms and environments.

As data increasingly becomes the prime target of cybercriminals, its protection must be treated as a core element of governance, risk management and security for every agency, organisation and enterprise.

Vu Duy Hien stressed that effective protection requires governance across the entire data lifecycle — from collection and storage to processing, sharing and disposal. Data should be collected only for legitimate purposes, used transparently, access tightly controlled, and made auditable, monitorable and traceable in the event of an incident.

Major Tran Trung Hieu, Deputy Director of A05’s National Cybersecurity Centre, emphasised that safeguarding data and privacy is not merely a technical or compliance matter; it is inseparable from national security, digital sovereignty, human rights and social trust in the digital era.

le-dien-tap-an-ninh-mang-3-1920x1073.jpg
Team participants in a live cybersecurity exercise (Photo: National Cybersecurity Association).

In recent years, Viet Nam has prioritised building a robust legal framework to protect data resources. The National Assembly’s approval of the Data Law (effective July 1, 2025), the Law on Personal Data Protection (effective January 1, 2026) and the 2025 Cybersecurity Law (effective July 1, 2026, which defines “data security” as integral to national cybersecurity) marks significant progress towards systematic, accountable and safe data governance.

These laws establish a unified mechanism to regulate the collection, processing, storage, sharing and cross‑border transfer of data. They address fragmentation and overlap in management across sectors and actors, while laying the foundation for Viet Nam to strengthen international cooperation, build trust in the data environment, meet integration requirements, expand the digital economy and protect citizens’ rights in the digital realm.

For instance, the Law on Personal Data Protection introduces strong sanctions: breaches of cross‑border transfer rules can incur fines of up to 5% of the previous year’s revenue. This sends a clear signal that data must be governed responsibly, with strict controls and accountability.

Technological autonomy is decisive in a nation’s ability to defend itself in cyberspace. When citizens’ data are held by cross‑border platforms without proper oversight, risks to sovereignty and national security become acute.

Beyond legislation, technological autonomy is decisive in a nation’s ability to defend itself in cyberspace. When citizens’ data are held by cross‑border platforms without proper oversight, risks to sovereignty and national security become acute.

A sobering reality is that domestic cybersecurity products are used in only about 24.77% of agencies and enterprises. Stronger policies and decisive action are needed to move from “partly meeting needs” to “mastering the ecosystem”, reducing reliance on foreign platforms and global threat‑analysis tools.

Nguyen Le Thanh, founder and Executive Chairman of security firm Verichains, observed that even small acts of caution — such as pausing to verify a source or refraining from instant sharing — create a human layer of defence that no AI system can replicate.

Ensuring data security demands a close interplay of technological autonomy, a rigorous legal framework and citizens’ awareness of self‑protection. Only then can data sovereignty and social trust be firmly safeguarded in the new era.

Back to top