As cyberspace grows more complex and AI-driven threats become increasingly sophisticated, cybersecurity has emerged as a critical national priority, especially for Vietnam. Experts believe that building a resilient cybersecurity ecosystem cannot rest on isolated efforts, and demands close, coordinated action across government agencies, businesses, universities, and society at large.
Building cyber resilience
At a sideline discussion during the Signing Ceremony and High-Level Conference of the United Nations Convention against Cybercrime (known as the Hanoi Convention), Mr. Nguyen Manh Luat, CEO of CyberJutsu, said the biggest gap in Vietnam’s existing cybersecurity capacity lies in its “combat readiness”. He noted that Vietnamese people are intelligent, especially in technology, but the core issue is a lack of hands-on training programs and experienced engineers to lead such programs. Meanwhile, the rise of AI has made cyber incidents more sophisticated, both in scale and frequency.
From the perspective of a company that both develops products and provides cloud computing and AI services, Mr. Dang Hai Son, Offensive Security Lead at FPT Smart Cloud, described AI as “a double-edged sword” - AI for cybersecurity and cybersecurity for AI. In reality, hackers are often the first to harness AI for their attacks, while businesses and security experts, in defensive roles, are forced to reactively keep pace.
At the same time, cybersecurity awareness among most Vietnamese enterprises remains low. Mr. Pham Tien Manh, CEO of CyPeace, noted that over 90 per cent of Vietnamese businesses are small and medium-sized enterprises (SMEs) so their levels of investment and awareness in information security differ sharply from larger corporations. “Many of these SMEs have little to no awareness or proper investment in information security,” he said. “If 90 per cent of these businesses suffer cyber incidents, the consequences for the economy and business community would be severe.”
Beyond existing “gaps” in capability, cybersecurity faces even greater challenges within large organizations managing vast workforces and customer bases. To tackle this, experts emphasize the need to build a cybersecurity culture - transforming individual competencies into collective strength.
Mr. Nguyen Quang Hoang, Chief Information Security Officer (CISO) at MISA, outlined four key pillars for fostering a strong cybersecurity culture in enterprises with thousands of employees and millions of users.
The first is leadership commitment. “Many companies still view cybersecurity as a burden,” he explained. “They think ensuring security means higher costs for equipment and experts, and, sometimes, added inconvenience.” Without leadership willpower and clear, top-down communication, he continued, it will be difficult for teams to embed a culture of safety and security into their products.
The second is cybersecurity awareness training. In large enterprises, raising awareness across thousands or even tens of thousands of employees requires systematic education. Since levels of understanding differ between staff and customers, training content and methods must be tailored for each group. Though challenging, this is a crucial step towards establishing a security-first mindset.
The third is integrating security into product development - embedding protection into every phase, from design to operations. Security, Mr. Hoang stressed, must “run through every department and individual,” turning fragmented processes into a unified defense shield.
Finally, regular cybersecurity drills are essential. Experts say such exercises can close the gap in Vietnam’s “hands-on” cybersecurity experience.
Strength in cyber collaboration
Experts believe that solving cybersecurity challenges requires not only internal coordination within organizations but also strong cross-sector collaboration. No entity can fully protect itself in cyberspace. A sustainable cybersecurity ecosystem must be built on cooperation between the government, businesses, academia, and society as a whole.
According to Mr. Luat, the key obstacle to such collaboration lies in the lack of a “common language” among stakeholders. For instance, job postings from enterprises often don’t align with the knowledge and experience of graduates, creating a disconnect between education and industry needs. Meanwhile, Vietnam faces a severe shortage of cybersecurity talent, underscoring the urgency of expanding practical training and partnership models.
He noted that the US has established the NICE Framework and Europe the European Cybersecurity Skills Framework (ECSF) model, both of which clearly define cybersecurity job roles, categorize them by specialization, and outline the required knowledge, skills, and abilities (KSA) for each position. He suggested Vietnam develop a similar collaborative platform linking universities, training centers, businesses, and government agencies to ensure cybersecurity education aligns with real market demands.
Addressing the specific challenges of SMEs, Mr. Manh emphasized the need for government policies, such as legal frameworks, incentives, and tax or financial support - to encourage greater cybersecurity investment. Solution providers, in turn, should develop efficient and cost-effective services suited to SMEs’ financial capacity, while the SMEs themselves must raise awareness and make more informed, structured investments in cybersecurity.
Mr. Hoang added that isolated efforts make it difficult for enterprises to fend off cyberattacks. However, when they unite and share information, their defensive power multiplies - much like “herd immunity” in public health. “When one organization detects a new attack technique, it can immediately share the indicators of compromise (IOCs) with the alliance,” he explained. “Real-time threat intelligence sharing not only minimizes damage but also builds trust across the digital ecosystem,” he said.
Mr. Ngo Tuan Anh, Chairman of the ViSecurity (the Vietnam Cybersecurity Network) and CEO and Founder of Sun Cybersecurity Solution (SCS), said most cybersecurity products currently used in Vietnam are imported. Despite their technical talent, local cybersecurity firms have yet to achieve wide market adoption, largely because they have not created collective synergy. To change this, ViSecurity is working to connect Vietnamese cybersecurity enterprises and build an ecosystem of “Made in Vietnam” products.
Mr. Tuan Anh believes that while Vietnamese engineers possess exceptional technical capability, innovation must be paired with strong commercialization to turn that into world-class products. “Only when we succeed commercially can we generate the resources needed for reinvestment and continuous improvement,” he said. “Developing a domestic cybersecurity industry is both vital and necessary for national security.”
Google translate