Illustration photo. Experts emphasise that cybersecurity is not just a market issue but a matter of national security. — Photo baotintuc.vn

HÀ NỘI — As cyberattacks surge and the Cybersecurity Law 2025 introduces strong incentives to strengthen domestic defence capabilities, the shift toward using locally developed solutions is no longer merely an economic choice but an essential step toward digital sovereignty.

The growth of 'Make in Việt Nam' cybersecurity products has long been held back by a widespread tendency among organisations to favour foreign technologies.

A survey by the National Cybersecurity Association (NCA) in December last year showed that organisations in Việt Nam use only 24.77 per cent domestic cybersecurity products and services on average. This figure clearly reflects a heavy dependence on foreign technologies.

Cybersecurity experts emphasised that this was not just a market issue but a matter of national security, as cyberspace had become a new battleground with rapidly escalating cybercrime and increasingly sophisticated attacks.

Nguyễn Ái Việt, director of the Institute of Generative New Intelligence Technology and Education (IGNITE), noted that 'foreign preference' in cybersecurity had existed for many years.

He noted that although foreign cybersecurity products often excelled technologically, their post-sale support was weak, and some vendors did not even have offices in Việt Nam. 

As a result, when incidents occurred, local organisations might be left waiting weeks or even months for help while their systems had been exposed, he noted.

Moreover, he said that foreign products often struggled to meet Việt Nam’s specific regulatory requirements and were slow to adapt to new attack trends.

For this reason, he asserted that Việt Nam must have a domestic defence layer within its overall cybersecurity architecture. 

Local solutions might not yet be as strong as foreign ones, but they were designed to Việt Nam’s situation and could effectively address many 'obvious vulnerabilities' overlooked by international products.

Sharing this view, Nguyễn Minh Đức, CEO of CyRadar, believed that developing a Vietnamese cybersecurity ecosystem must start with domestic usage.

He explained that for Vietnamese companies to compete, they needed real-world threat data from local customers, sufficient revenue to reinvest in R&D, and user feedback to refine their products. 

Without domestic adoption, they could not grow, much less compete with global corporations, he noted.

A key factor shaping the domestic cybersecurity market is the newly adopted Cybersecurity Law 2025, which, for the first time, introduces a policy encouraging agencies, organisations, and individuals to use cybersecurity products and services developed by Việt Nam.

Although not mandatory, this policy is considered a market-shifting signal. Notably, the law states that cybersecurity spending by government agencies, state-owned enterprises, and political organisations must account for at least 10 per cent of total IT project budgets.

This creates a multi-trillion-VNĐ market annually, freeing domestic cybersecurity firms from having to persuade each unit individually to secure funding.

Lieutenant Colonel Nguyễn Đình Đỗ Thi from the Ministry of Public Security clarified that the law encouraged but did not mandate usage, ensuring compliance with international trade commitments and maintaining fair competition. Vietnamese companies must win on real product quality.

The Law also introduces a new requirement that all products on the market must undergo evaluation and certification, which marks a major shift from previous years when companies had no such obligation.

Vũ Ngọc Sơn, a NCA representative, stressed the need to quickly finalise national standards and technical regulations to establish an objective evaluation framework. 

With Vietnamese standards in place, local firms would no longer have to spend hundreds of millions of Vietnamese đồng on foreign certifications and would have clear benchmarks for competing with international products, he added.

In addition, Việt proposed several measures to strengthen domestic defence capabilities, including allowing the collection of network data to develop defence rules tailored to Việt Nam, legalising white-hat hacking activities and promoting red team/blue team exercises to build a 'digital immune system', and regulating the use of AI in government agencies while restricting the uploading of confidential documents to foreign platforms. — VNS