Skip to main content

Cyber risk landscape in Vietnam – A view on risk mitigation

Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)

By Nguyen Trung Hieu | January 19, 2021

With the increasing threat from cybersecurity risk, securing businesses becomes a major issue for organizations irrespective of their size.

Vietnam records one of the fastest development rates in the region with a real GDP growth close to 7 percent in 2018 and 2019. Even in a COVID-19 pandemic year, Vietnam is one of the few countries in the world that did not expect a recession in 2020.

Vietnam’s digital economy is expected to top US$43 billion by 2025

In 2018, the e-Conomy SEA report by Google and Temasek referred to Vietnam’s digital economy as a “dragon being unleashed.” In 2019, the same report put Vietnam and Indonesia as countries in the forefront of Southeast Asia’s digital economy growth. Vietnam’s digital economy is expected to top US$43 billion by 2025. Digital transformation holds tremendous potential for Vietnam’s businesses, but in the same time, putting the country and organizations to test, especially on cybersecurity risk. Securing businesses gradually becomes a major issue for organizations irrespective of their size. The COVID-19 pandemic has added more challenges to the business with the unexpected move to work remotely.

Types of cyber risks and its effect

Nowadays, it’s not exaggerating to say every business faces cyber risks since clients, partners, service providers, and employees are all connected via the Internet. Risk can come from (internal) human errors or (external) outside hackers.

Types of cyber risks

  • Ransomware
  • Hacking
  • Phishing
  • Malicious codes
  • Denial-of-Service (DoS) attack

Cyberattacks might result in numerous different outcomes, depending on the hackers’ purpose. Among that, the loss of confidential data and intellectual property, as well as business interruption, are the most frequent consequences.

cyberattacks in H1 2020

According to the Vietnam Ministry of Information and Communications, there have been 2,017 cyberattacks in the 1st half of 2020. On the positive side, the number decreased in 2020 compared to the previous year. However, the statistics only reflect the attacks that have been officially recorded. The complexity and severity of the attacks were not taken into consideration.

Cyberattack cases in the first half of 2020 in Vietnam, of which Phishing accounts for 40%, Deface 39%, Malware 14% & others.
Cyberattack cases in H1 2020 in Vietnam

Source: Ministry of Information and Communications of Vietnam

These kinds of cyberattacks are familiar and can be easily related to any business. Sadly, these attacks will never be prevented fully, and enterprises need solutions such as insurance or crisis management to deal with these when they happen. One bigger concern is that hackers are shifting their target from large enterprises to literally all types of enterprises, whose cyber security might not be fully established.

The role of cyber risk insurance

In the government’s vision by 2030, Vietnam becomes a prosperous digital country that pioneers, trying out new technologies and models; having completed fundamental and comprehensive reforms in Governmental operation, economic activities of enterprises and the way people live and work, and has established a safe, civilized and widespread digital environment. As such, the government puts a lot of attention on the cybersecurity services market, which is an important aspect of a safe and sustainable digital transformation.
It is inevitable that a company in cyber security service needs to cooperate with insurance companies to fill in the gap in cyber risk management for corporations. By combining cybersecurity solutions with cyber insurance, an integrated solution can be offered to the client, from enhancing the security system to respond to a cyber incident when it happens. Ultimately, the integrated solution will serve the purpose to ensure organizations can operate with confidence in the cyber space and play an important role in corporation risk management. Cyber risk insurance can help companies reduce the impact of losses from a cyber incident. Typically, the most common risk that is insured against under cyber insurance is data breaches, which include indemnification from lawsuits and expenses related to data breaches. It also covers losses from network security breaches, theft of intellectual property and loss of income as the result of a cyber incident. The coverage can also be tailored to meet with each client’s nature of business and demand.

Cyber risk insurance market in Vietnam

Although gaining a lot of momentum recently, Vietnam does not have a mature cyber insurance market yet. In fact, the market is newly born with a small size and low penetration rate. Most policies are now provided to big banks and multinational corporations as the requirement of foreign investors. Although there are many cyber incidents, most of them are not publicly disclosed and corporations in Vietnam and still lack awareness of cyber incidents and their consequences. Nevertheless, some recent cyber incidents in Vietnam including the potential leak of two million customers data of a Vietnamese bank, or the cyberattack of a Vietnamese international airport have shown the severe impact that one cyber incident can have on businesses.
Some foreign insurers have provided cyber insurance in Vietnam over the last couple of years while local players mostly acted as local cedants, transferring the risk through reinsurance. Nevertheless, with the encouragement from the authorities, local insurers have recently been developing cyber insurance products and will soon provide them to the market. Local insurers are also actively working with brokers, reinsurers, cybersecurity entities and government authorities to build a comprehensive cyber insurance program with the aim to provide Cyber Insurance products to both large corporations and small and medium enterprises (SMEs).
In Vietnam, the Law on Information Security 2015 is the first step to complete a comprehensive and feasible legal framework for information security. The Law also maximizes resources to ensure network safety and security, protect legitimate rights and interests of organizations and individuals as well as meet the requirements of socio-economic development, national defense and security.
Most recently on June 3, 2020, the Prime Minister of Vietnam signed a Decision "On approving the “National Digital Transformation Program until 2025, with a vision towards 2030” in Decision No.749 / QD-TTg. On Point dd, Clause 5, Section IV, Article 1 of the Decision stated, "Promote insurance for digital transformation, cyber safety and security and e-transactions" and assigned to the Ministry of Finance take charge in performing the task (Point a, Clause 6, Article 2). This is the first time the government states cyber insurance and stresses the need to promote insurance in respect of the digitalization process. We highly believe this will form an important basis for the development of cyber risk insurance in Vietnam in the future.


Every business in Vietnam might face various cyber risks from inside and outside the company and cyber risk can only be reduced but not eliminated. If a cyberattack happens, you could suffer lost data or customer information, financial losses and negative media reports. However, the past cyber incidents showed that defense is much more difficult than attacks while cybercriminals can exploit one small breach to cause severe consequences. While prevention will definitely be the first protection, cyber insurance will play the second most important role to help you recover financially when a cyber incident happens.


Nguyen Trung Hieu
Lead Associate – FINEX, Willis Towers Watson Vietnam

Contact Us