Hanoi (VNA) – The Government’s Decision No. 433/QD-TTg, issued on March 16, approving a digital transformation plan for small- and medium-sized enterprises (SMEs) for 2026–2030, sets an ambitious target of supporting at least 500,000 firms, including 300,000 adopting digital technologies and platforms, and artificial intelligence.
While the decision marks a strategic push to deepen digital transformation, it also underscores an urgent need to strengthen cybersecurity for SMEs, which often face constraints in resources, skilled personnel and defensive capabilities.
According to the Ministry of Finance, SMEs account for 97–98% of all businesses in Vietnam, with nearly 1.1 million firms operating as of the end of 2025. A Politburo Resolution on private sector development noted that SMEs contribute around 50% of GDP, more than 30% of total State budget revenue, and employ about 82% of the workforce, making them a pillar of the economy.
However, SMEs are also among the most vulnerable groups to cyber risks. A report by the National Cybersecurity Association showed a worrying surge in cyberattacks in 2025, with approximately 552,000 incidents recorded nationwide, affecting over 52.3% of agencies, organisations and businesses.
Cybercriminals are increasingly targeting organisational data and operations, using advanced methods supported by artificial intelligence, deepfake technologies and persistent intrusion techniques. SMEs are often seen as the “weak link” due to limited financial resources, a shortage of specialised personnel, and insufficient awareness of comprehensive cybersecurity.
Vu Duy Hien, Deputy Secretary-General and Chief of Office of the association, warned that for SMEs, incidents such as fraud, data breaches, malware infections or brand impersonation can directly damage reputation, customer trust and even survival. Many firms still use unverified software, counterfeit applications or untested technologies, creating entry points for cyberattacks.
Experts say that while awareness of digital transformation among SMEs has improved, significant barriers remain, including limited finance, technology, human resources, support ecosystems, and gaps between policy and implementation.
Nguyen Hoa Cuong, Deputy Director of the Institute for Policy and Strategy Studies under the Party Central Committee's Commission for Policies and Strategies, identified four key cybersecurity challenges facing SMEs. First are growing threats, as the number of compromised devices and malware infections continues to rise.
Second are vulnerabilities in supply chains. Businesses operate in interconnected networks, meaning weak security at any point can expose the entire system. Yet SMEs often invest minimally in cybersecurity and respond only after incidents occur.
Third is the lack of long-term strategy. Many firms have only partially digitised operations rather than implementing comprehensive transformation, making it difficult to ensure cybersecurity alongside digitalisation. Dependence on digital platforms such as social media also exposes businesses to risks when algorithms or policies change.
Finally, resource constraints remain a fundamental challenge, with limitations in finance, workforce and infrastructure continuing to hinder both digital transformation and competitiveness.
Ensuring digital safety is not only a matter of national security but also a critical safeguard for sustainable business development. Building a secure digital ecosystem for SMEs requires close coordination among government agencies, professional organisations, technology firms, media and the business community.
To this end, the National Cybersecurity Association has launched an initiative to support SMEs, aiming to connect regulators, industry groups, media and domestic and international partners. The initiative focuses on three commitments: mobilising resources to reduce isolation among SMEs, sharing practical knowledge and policy guidance, and providing timely support and rapid incident response.
Hien stressed that the association’s support will go beyond theory, offering practical, tailored solutions suited to SMEs’ financial capacity and operational needs.
For businesses themselves, Cuong recommended adopting “cyber hygiene” practices, including antivirus software, firewalls, strong password policies, data encryption and multi-factor authentication. He also highlighted the 3-2-1 backup rule, which requires at least three copies of data, stored on two different media, with one kept offline.
Additionally, SMEs are encouraged to shift to cloud-based systems, use licensed software instead of unverified versions, and adopt standardised cybersecurity frameworks.
Experts emphasised that digital safety is not a destination but a continuous journey. With coordinated support, SMEs can gradually enhance their resilience, protect their assets, and achieve sustainable growth in the digital era./.
