By the third quarter of 2025, many banks recorded more than 95 percent of transactions conducted via digital channels. The financial switching and electronic clearing systems processes an average of over 41 million transactions per day. The interbank electronic payment system handles an average transaction value of more than VND1.55 quadrillion per day.

Alongside the strong development of digital payments, the banking sector has paid close attention to information system security and safety to ensure sustainable growth.

However, as digital transformation accelerates, the global cybersecurity environment has become increasingly complex, posing new risks and challenges to ensuring information security and safety.

At the workshop “Protecting national financial security in the digital era,” jointly organized by the National Cybersecurity Association and the State Bank of Vietnam (SBV) on December 23 in Hanoi, Phan Thai Dung, Deputy Director General of the SBV’s Information Technology Department, pointed out emerging risks and challenges.

These include organized organized cybercrime groups’ targeted attacks on financial and banking systems, and hackers exploiting vulnerabilities in global IT infrastructure while developing new, more sophisticated attack techniques.

The buying and selling of cyberattack tools on underground markets have also heightened overall risks to the security and safety of critical information systems.

In addition, information security risks arising from supply chains and third parties, including IT solution and service providers as well as connected partners, are increasingly recognized as challenges that must be tightly managed to prevent exploitation as transit points or launchpads for attacks.

“According to warnings from authorities, online fraud aimed at appropriating customers’ assets remains complex, requiring close coordination among regulators, credit institutions, payment intermediaries, and users in prevention efforts, as well as public awareness and the protection of customers’ legitimate rights,” Dung said.

Lieutenant General Nguyen Minh Chinh, Standing Vice Chairman of the National Cybersecurity Association, said that digital banking, digital payments, digital finance, and digital asset markets are opening up new opportunities for development. In particular, Vietnam's newly announced financial policies have created conditions for innovation and improving service quality for people and businesses.

However, challenges regarding cybersecurity and information safety include high-tech fraud and scams that are increasingly sophisticated, complex, and cross-border.

“This reality underscores the urgent requirement that development must go hand in hand with security and safety. Financial security in the digital era is not merely a technical or operational issue, but one directly linked to public trust, market stability, and the security and safety of the national economy,” he emphasized.

According to Chinh, Resolution No57-NQ/TW of the Politburo on breakthroughs in science and technology development, innovation, and national digital transformation emphasizes the need for rapid and sustainable development combined with cybersecurity and information safety. This is a foundational condition for building digital trust and national digital sovereignty.

In that spirit, the Law on Cybersecurity 2025, passed by the National Assembly on December 10, 2025 has established a unified legal framework for the protection of cybersecurity and safety. However, from policies to practice, there is always a delay.

Chinh said that focus should be on how entities can share responsibility and form effective coordination between state management agencies, functional forces, the banking-financial system, technology enterprises, and digital service users.

The new law legalizes the classification of information systems into five levels based on the nature of the data and the level of potential impact. The Ministry of Public Security (MPS) has been assigned the role of lead agency to assist the Government in ensuring unified state management.

Instead of fragmented oversight, MPS is responsible for building mechanisms to manage IP address identification and authenticate digital account registration information. 

One provision that highlights the “operational” nature of the new law is the requirement to raise the minimum budget allocation for cybersecurity from 10 percent to 15 percent. This figure is the clearest evidence of a shift from “administrative management” (largely involving paperwork-related costs) to “digital technical standards” (which require substantial investment in hardware, software, and security solutions).

Cybersecurity is now defined as a mandatory investment item, accounting for a significant share of information technology projects.

Thai Khang