The data security landscape in Vietnam is showing a concerning paradox: the number of cyberattacks is decreasing, yet actual damage is increasing.

According to the National Cybersecurity Association, 2025 recorded about 552,000 cyberattacks, down nearly 19.4 percent compared to 2024. However, 52.3 percent of agencies, organizations and businesses reported suffering damage, a sharp increase from 46.15 percent the previous year.

This shift reflects a clear trend: hackers are no longer “attacking broadly” but are moving toward “attacking deeply.” Instead of merely disrupting systems, attacks are increasingly focused on stealing valuable data, especially personal and customer data.

Cybersecurity experts say advanced persistent threats (APT), ransomware and data theft are becoming dominant trends. Many attack campaigns are now organized in multi-layered models, combining techniques such as DDoS attacks, malware deployment and system intrusion to maximize data seizure.

Personal data of Vietnamese users is becoming a “gold mine” in cyberspace. On many forums, data packages are openly traded, including identification information, phone numbers, addresses, and even KYC data from users on digital platforms.

The consequences go beyond information security breaches. In 2025, losses from online fraud related to personal data exploitation were estimated to exceed VND6,000 billion, highlighting the severity of data leaks in the digital economy.

Legal compliance

On January 1, 2026, the Law on Personal Data Protection took effect, marking a vital step in establishing a legal framework for privacy and data safety in Vietnam. 

Passed by the National Assembly in June 2025, the law defines the rights of data owners and the responsibilities of organizations throughout the data processing lifecycle. Accompanying this is Decree 356/2025/ND-CP, which specifies implementation requirements in fields such as finance, technology, e-commerce, and the public sector.

Since early 2026, many enterprises have begun reviewing data management systems, updating internal policies, and establishing data control processes according to new standards. This effort is not only about legal compliance but also about strengthening the trust of customers and partners.

However, implementation faces numerous challenges. For SMEs, correctly understanding the law's scope, classifying data, and selecting appropriate technical solutions remain complex tasks. Risk situations in user data processing, especially in e-commerce and digital platforms, show that legal compliance is a comprehensive challenge involving both governance and technology.

In this context, building a comprehensive data governance system is an urgent requirement. Organizations need to strictly control the entire data lifecycle, from collection, storage and processing to sharing, while ensuring the rights of data subjects in accordance with regulations.

Data as strategic "new resource"

Speaking at a recent workshop on Personal Data Protection, Nguyen Khac Lich, Director General of the ICT Industry Authority (Ministry of Science and Technology), stated that data has become a core factor of production which determines enterprises’ competitiveness.

Technologies such as AI, Big Data, the Internet of Things (IoT), and Cloud Computing are reshaping the socio-economic landscape, with data at the center.

Party General Secretary To Lam emphasized that data is the “air and light” of the new era, a strategic resource.

However, the greater the value, the higher the risk. Protecting personal data is not only a legal requirement but also directly linked to human rights, privacy and social trust.

According to Lich, compliance with data regulations should be viewed as a new growth driver rather than a barrier.

First, the law helps build a transparent and secure digital data market, encouraging people to share data in exchange for better services. Technologies such as data anonymization allow value extraction while preserving privacy.

Second, compliance enables businesses to standardize governance, enhance credibility and improve their ability to participate in global supply chains, especially in high-standard markets such as Europe.

Third, it opens up opportunities for the development of regulatory technology (RegTech), a promising new field for Vietnamese tech companies.

Finally, and most importantly, data protection is the foundation for building digital trust, a key factor for sustainable digital transformation.

In an era where data is often likened to the “new oil,” businesses no longer have the option to choose between growth and security. The challenge is to achieve both: extracting data value while safeguarding user trust. Those who solve this equation will gain a decisive advantage in the increasingly intense race for digital transformation.

Du Lam