Rising Data Security Risks Put Vietnamese Organisations Under Pressure

Uncategorized March 20, 2026
nguyen-khac-lich-data-protection-vietnam

Vietnam’s cyber risk landscape is shifting. While the overall number of cyberattacks has declined, the financial and operational damage caused by data breaches is rising sharply. As data becomes a core economic asset, organisations face mounting pressure to protect personal and customer information, particularly ahead of the Personal Data Protection Law taking effect on 1 January 2026. The challenge is no longer simply preventing disruption, but safeguarding trust in an increasingly data-driven digital economy.

According to reporting by VietnamNet, this evolving threat environment reflects a deeper change in attacker behaviour, with cybercriminals increasingly targeting high-value data rather than launching indiscriminate attacks.

Fewer attacks, greater damage

Data from the National Cybersecurity Association shows that Vietnam recorded approximately 552,000 cyberattacks in 2025, a decrease of nearly 19.4% compared with 2024. Despite this reduction, 52.3% of agencies, organisations and businesses reported suffering damage, up significantly from 46.15% the previous year.

This apparent contradiction highlights a clear trend: attackers are shifting from broad-based disruption to more targeted intrusions. Advanced persistent threats, ransomware and data theft have become dominant methods, often deployed through multi-layered campaigns combining distributed denial-of-service attacks, malware installation and system infiltration.

Personal data is a particular target. Information such as identity details, phone numbers, addresses and even know-your-customer records are reportedly traded openly on online forums. In 2025 alone, losses linked to online fraud exploiting leaked personal data were estimated to exceed VND 6,000 billion, underlining the economic consequences of weak data protection.

Legal reform accelerates compliance demands

The regulatory environment is also tightening. The Personal Data Protection Law, passed by the National Assembly in June 2025, will come into force on 1 January 2026. The law clarifies the rights of data subjects and sets out organisational responsibilities across the entire data lifecycle, supported by Decree 356/2025/NĐ-CP covering sectors including finance, technology, e-commerce and the public sector.

Many organisations began reviewing data governance frameworks in early 2026, updating internal policies and introducing new controls. This aligns with wider national efforts to strengthen digital trust as part of Vietnam’s digital transformation agenda and ongoing cybersecurity enforcement measures.

Implementation, however, remains challenging. Small and medium-sized enterprises in particular report difficulties in interpreting the law’s scope, classifying data correctly and selecting appropriate technical solutions. Incidents in e-commerce and digital platforms suggest that compliance is as much an organisational and technological issue as a legal one.

Data as a strategic national resource

Nguyen Khac Lich, Director General of the ICT Industry Department
Nguyen Khac Lich, Director General of the ICT Industry Department, speaking on the strategic importance of data protection.

Speaking at a policy seminar in Hanoi on 20 March 2026, Nguyen Khac Lich, Director General of the ICT Industry Department at the Ministry of Science and Technology, described data as a core factor of production shaping national and corporate competitiveness. Technologies such as artificial intelligence, big data, the Internet of Things and cloud computing are all dependent on trusted data flows.

“Data is the ‘air and light’ of the new era – a strategic new resource.” — To Lam, General Secretary

As Vietnam positions itself as a growing digital economy and explores areas such as digital assets and data-driven services, the value of data continues to rise, alongside the risks associated with misuse and breaches.

From compliance burden to development opportunity

Nguyen Khac Lich argued that data protection compliance should be viewed as an enabler rather than an obstacle. Clear legal frameworks can support a transparent and secure data market, encourage responsible data sharing and strengthen public confidence in digital services.

Compliance can also help organisations standardise governance practices, improve credibility and meet the expectations of international partners, particularly in markets with stringent data protection requirements. At the same time, it opens opportunities for the development of regulatory technology solutions tailored to Vietnamese conditions.

Ultimately, protecting personal data underpins digital trust, a prerequisite for sustainable digital transformation. In an economy where data is often compared to a new form of oil, Vietnamese organisations are increasingly required to balance value creation with robust security. Those that succeed in doing both are likely to be better positioned as competition in the digital economy intensifies.

Latest News in Uncategorized:

Search

OpenGov Test © 2026, All rights reserved.

Newsletter image

Subscribe to the Newsletter

Join 10k+ people to get notified about new posts, news and tips.

Do not worry we don't spam!

GDPR Compliance

We use cookies to ensure you get the best experience on our website. By continuing to use our site, you accept our use of cookies, Privacy Policy, and Terms and Conditions.