Many organizations in Vietnam still favor foreign-made cybersecurity products, often at a high cost, not necessarily for superior protection but to shield themselves from blame if their systems are breached.

A December 2024 survey conducted by the National Cybersecurity Association (NCA) found that only about 24.77% of cybersecurity products and services used by local organizations are made in Vietnam - a clear sign that domestic solutions are struggling on home ground.

At a roundtable discussion titled “Cybersecurity Law 2025 – Advancing Technological Sovereignty” held in Hanoi on November 17, Nguyen Minh Duc, Chairman of the Cybersecurity Services Club and CEO of CyRadar, said the figures reflect a deep-rooted distrust of local products and a dependence on foreign technology. This mindset, he argued, is a major challenge for Vietnam’s ambitions to build a self-reliant cybersecurity industry.

Psychological safety in expensive imports

DSC_4238.JPG

Assoc. Prof. Dr. Nguyen Ai Viet speaks about domestic cybersecurity layers at the November 17 roundtable in Hanoi. Photo: NCA

Assoc. Prof. Dr. Nguyen Ai Viet, Director of the Institute for New Generative Intelligence and Technology in Education (IGNITE), has long understood this preference for foreign technology.

Having worked extensively in e-government and cybersecurity, he recalled issuing warnings about vulnerabilities in digital systems more than 15 years ago - warnings that were largely ignored. In one case, the chairman of a major bank confidently claimed that no breaches could happen because they had spent a great deal of money on top-tier security solutions.

Viet outlined several reasons why banks, corporations, and large organizations tend to avoid local cybersecurity products: a belief in the superiority of foreign brands, a dismissal of Vietnamese technology, and a desire to purchase peace of mind. Moreover, many leaders lack awareness of cybersecurity issues, leaving decisions to subordinates, and fear being held responsible if things go wrong.

“If you use an expensive foreign product and still suffer a breach, you can say, ‘I chose the best - if this didn’t work, nothing could.’ But if a local product fails, you’ll be blamed: ‘Why did you use a domestic solution?’” Viet explained.

Foreign tools have critical limitations

Despite their reputation, foreign cybersecurity products are not without flaws.

According to Viet, many global vendors provide weak local support, lack offices in Vietnam, and take months to respond to issues - long after systems may have been compromised. Some solutions also contain backdoors, making them unsuitable for national security. They may not meet Vietnam’s specific policies and standards, and are slow to adapt to new developments.

That’s why, he argued, there must be a domestic defense layer in cybersecurity architecture. While not as powerful as foreign tools, local solutions can be customized to Vietnam’s needs and address obvious vulnerabilities that international products may overlook.

“If organizations continue to ignore domestic products, our cybersecurity companies will never grow strong,” he emphasized.

Encouraging, not mandating, local adoption

DSC_4147.JPG
Senior Lieutenant Colonel Nguyen Dinh Do Thi discusses the draft Cybersecurity Law at the event. Photo: NCA

The draft Cybersecurity Law 2025 marks the first time the Vietnamese government has introduced policies to “encourage agencies, organizations, and individuals to use domestic cybersecurity products and services.” The law identifies cybersecurity as a strategic industry and seeks to guide market development for local firms.

It also mandates that government agencies, state-owned enterprises, and political organizations allocate at least 10% of their technology investment budget to cybersecurity, helping to build a domestic market and drive safer digital transformation.

However, the law stops short of mandating the use of local solutions.

Senior Lieutenant Colonel Nguyen Dinh Do Thi, Deputy Head of the Network Information Security Division under the Ministry of Public Security, told VietNamNet that this approach ensures fairness and respects users’ right to choose.

“Vietnam’s international trade agreements guarantee free trade and market access. That’s why the law only encourages, rather than enforces, the use of domestic products. This aligns with our existing laws and international commitments,” he explained.

To fairly compete, Vietnamese cybersecurity companies cannot rely on patriotic appeals alone. According to the draft law, all products must undergo evaluation and certification.

Raising the standard for local cybersecurity

Vu Ngoc Son, Head of Technology at NCA, said Vietnamese companies need to meet technical and quality standards to gain traction in their own market.

Previously, there were no legal requirements for product evaluations, but the new law makes this mandatory. He stressed the urgent need for national standards and regulations to establish a framework for assessing products, services, and talent.

“With Vietnamese standards in place, we won’t need to spend hundreds of millions - or even billions - of dong on international certificates just to qualify for domestic contracts. It’s time we stop treating foreign standards as default,” he said.

From an industry perspective, Nguyen Minh Duc emphasized that cybersecurity firms must invest more in research and development to create competitive products.

They should also promote their brands, improve product image, and earn international certifications and awards to raise their profile both at home and abroad.

Du Lam