Vietnam is set to introduce its own "measuring stick" for cybersecurity maturity. The Ministry of Public Security, through the Department of Cybersecurity and High-Tech Crime Prevention (A05), is preparing to issue a national cybersecurity index - part of a broader national security index - to assess how prepared state agencies, organizations, and businesses are in the face of growing digital threats.

Major Tran Trung Hieu speaks at the May 21 panel. Photo: L.Q

This key information was shared by Major Tran Trung Hieu, Deputy Director of the National Cybersecurity Center under A05, during a panel discussion on May 21 in Hanoi, themed “Cyber incident readiness maturity of Vietnamese organizations and enterprises.”

According to Vu Ngoc Son, Head of Research, Development, and International Cooperation at the National Cybersecurity Association (NCA), the readiness of Vietnamese organizations remains significantly below global standards.

Citing a Cisco survey released in early May, he noted that only 11% of Vietnamese enterprises have achieved "mature" cybersecurity capabilities - defined as being able to effectively respond to cyber threats. While this is higher than the global average of 4%, the gap between readiness and actual threat level remains stark.

A 2024 NCA survey revealed that many organizations lack basic cybersecurity infrastructure and personnel:

35.87% had no data backup or recovery plan
52.89% lacked a security operations center (SOC)
46.2% had not implemented ISO standards
20.6% had no dedicated cybersecurity staff
35.56% had fewer than 5 cybersecurity personnel, while maintaining a 24/7 SOC requires at least 8–10 roles

In response, Major Hieu noted that A05 is deploying support initiatives across sectors, especially for small and medium-sized enterprises (SMEs). These efforts include drafting a National Standard on Cybersecurity for Critical IT Systems, aimed at providing a framework for agencies and businesses to build their security strategies.

Nearly 36% of organizations have fewer than 5 cybersecurity personnel. Photo: P.L

More significantly, A05 is developing a Cybersecurity Maturity Index, expected to rate organizations on a 100-point scale. Regular assessments based on this index will help institutions benchmark their capabilities and track improvement over time.

The index is part of broader legislative reforms, including the proposal to unify the 2015 Law on Information Security and 2018 Law on Cybersecurity into a single Cybersecurity Law (2025), expected to be presented at the National Assembly in October 2025.

"Instead of using foreign standards that may not fit Vietnam’s reality, having a localized national framework is essential," said expert Vu Ngoc Son. He believes the upcoming standard and maturity index will help organizations self-assess and compare cybersecurity performance across sectors.

Stressing that “no organization is immune from attacks,” Son called for a proactive shift in cybersecurity postures - including preventive defense and incident response planning.

NCA representatives emphasized the importance of a coordinated approach: legal frameworks, standardized guidelines, a national incident response alliance, and an active community of experts are all necessary to reduce the damage of cyberattacks.

Agreeing with this view, Tran Quoc Chinh, CEO of CMC Cyber Security, noted the importance of maintaining detailed system architecture and documentation. These records proved crucial in helping his company quickly recover from a ransomware attack in April 2025.

"Having accurate, detailed system documentation shortened our recovery time significantly," Chinh stated.

Van Anh