More Than Half of Vietnamese Agencies and Businesses Suffered Damage from Cyberattacks in 2025: Fewer Attacks, Higher Risks
Although the total number of cyberattacks targeting information systems in Vietnam declined in 2025, a more alarming reality has emerged: the proportion of agencies and businesses that actually suffered damage from cyberattacks continued to rise sharply. This trend reflects a fundamental shift in cybercriminal behavior—fewer attacks, but far more sophisticated and destructive.
According to statistics from the National Cyber Security Association (NCSA), Vietnam faced approximately 552,000 cyberattacks in 2025, down 19.38% compared to 2024. The data was published in a report compiled by the Association’s Technology Committee in December 2025, based on a survey of more than 5,300 agencies, organizations, and enterprises nationwide.
The decline in the number of surface-level attacks is seen as an initial result of increased investment in cybersecurity, along with improved awareness and defensive capabilities among many organizations. However, this reduction in volume does not mean that the digital environment has become safer.
On the contrary, the survey shows that 52.30% of agencies and businesses recorded actual damage caused by cyberattacks in 2025, a significant increase from 46.15% in 2024. This indicates that attackers are now prioritizing precision and impact over sheer volume.
Fewer Attacks, Greater Destructive Power
The five most common forms of cyberattacks in 2025 were distributed denial-of-service (DDoS) attacks; injection of gambling and betting advertisement links (backlinks); advanced persistent threats (APT); data theft; and ransomware attacks. Notably, these methods are no longer deployed in isolation, but are increasingly combined into multi-layered, carefully orchestrated attack scenarios.
Highly visible attacks such as DDoS are often used to disrupt services, draw attention, and divert the resources of cybersecurity teams. While organizations focus on resolving these immediate incidents, deeper layers of defense may be temporarily neglected. Cybercriminals exploit these gaps to launch stealthy, targeted intrusions, implant malicious code, and maintain long-term persistence within systems without being detected.
Mr. Vu Ngoc Son, Head of Technology at the National Cyber Security Association, noted: “Attackers are increasingly adopting double-layered strategies. They do not immediately encrypt data upon infiltration but instead remain dormant for extended periods to steal valuable information. Once there is no more data worth exploiting, they then proceed to encrypt systems and extort the victims.”
This assessment aligns closely with global trends. According to John Hultquist, Head of Intelligence Analysis at Google Threat Intelligence Group, modern cybercriminal groups are increasingly operating like professional espionage organizations, focusing primarily on the collection and exploitation of strategic data, rather than simple system disruption.
Vietnam Is Not an Exception to the Global Trend
A report by IBM Security shows that, globally, the average time required to identify and contain a data breach still exceeds 200 days. During this window, sensitive data may already have been copied, sold, or weaponized in subsequent cyber campaigns.
Charles Carmakal, Chief Technology Officer of Mandiant (US), warned: “Organizations tend to focus heavily on defending against ransomware, but they often underestimate the earlier phase—when attackers quietly exfiltrate data. By the time the breach is discovered, strategic-level damage has already been done.”
In this context, the fact that more than half of Vietnamese enterprises reported damage highlights the country’s ongoing vulnerability, particularly as the economy becomes increasingly dependent on digital platforms.
Positive Signs in Cybersecurity Awareness
Despite the risks, 2025 also recorded several encouraging developments. The proportion of agencies and businesses conducting cybersecurity awareness training reached 75.93%, indicating that cybersecurity has gained greater recognition among both leadership and employees.
Approximately 51.45% of organizations conducted cybersecurity drills, proactively developing response scenarios and incident-handling procedures. Notably, 51.65% of agencies and businesses have implemented or are operating a Security Operations Center (SOC), reflecting a growing trend toward centralized monitoring and early response.
In addition, 76.35% of enterprises reported having backup data systems in place, significantly improving their ability to recover from cyber incidents.
According to Tanya Janca, an international application security expert and advisor to major global technology corporations, this represents a critical step forward: “Backups and drills won’t stop attacks from happening, but they determine how well you survive a crisis.”
Human Resources and Governance Gaps Remain Critical Weaknesses
Nevertheless, behind these positive indicators lie persistent and concerning gaps. Nearly 47.72% of agencies and businesses continue to face shortages of cybersecurity personnel—a problem that has persisted for years without a comprehensive solution.
Beyond manpower issues, governance capabilities also remain limited. As many as 27.80% of organizations have not implemented any internal cybersecurity standards. More than half still lack centrally managed anti-malware solutions, while 8.71% do not use any antivirus software at all.
Even more alarming, 9.38% of agencies and businesses reported having no form of internet access control, such as firewalls, at their network gateways, leaving systems effectively “open” to external threats.
Eugene Kaspersky, founder of Kaspersky Lab, has long cautioned: “Cybersecurity cannot rely on isolated tools. Without a comprehensive strategy and skilled people to operate it, even the most advanced technologies become meaningless.”
Cybersecurity as a Strategic Pillar of Sustainable Development
Overall, compared to 2024, cybersecurity in Vietnam in 2025 shows clear progress in awareness and attention. However, investment in human resources, governance frameworks, and technical solutions still lags behind the speed and sophistication of modern cyberattacks.
The continued rise in the proportion of organizations suffering damage serves as a stark warning: cybersecurity is no longer a purely technical issue. It has become a strategic, governance, and sustainability challenge in the digital era—where even a small vulnerability can trigger far-reaching consequences for individual organizations and the broader economy.
