Rising threats amid a cybersecurity workforce shortage

Despite the growing severity of cyberattacks targeting Vietnam’s information systems - particularly the critical infrastructures of government bodies, organizations, and enterprises - the country continues to face an alarming shortage of cybersecurity personnel.

According to the National Cybersecurity Association (NCA), this shortage leads to an overload in risk management and reduces the effectiveness of incident response, leaving organizations vulnerable to cyberattacks that could result in major financial and reputational losses.

A survey conducted by the NCA at the end of 2024 revealed that more than 20.06% of organizations reported having no dedicated cybersecurity personnel, while 35.56% employed no more than five staff members in such roles - a figure that falls far short of actual needs.

To ensure proper cybersecurity monitoring through a 24/7 SOC (Security Operations Center) model using three shifts and four teams, each organization requires a minimum of 8 to 10 dedicated positions. Falling short of this staffing level exposes organizations to operational inefficiencies and significant risks.

The 2024 Global Cybersecurity Index (GCI), released by the International Telecommunication Union (ITU) in September 2024, showed that among the five evaluated pillars, Vietnam fell short of achieving a perfect score only in the area of capacity development.

Nguyen Tuan Anh, Chairman of cybersecurity firm SCS, explained that ITU’s assessment of capacity development reflects awareness campaigns, training programs, education initiatives, and incentives that support the cybersecurity workforce; national curricula; and capacity-building policies.

With over 78 million internet users and a broad demographic of online users, Vietnam has already taken early steps to invest in cybersecurity awareness, training, and educational initiatives.

“However, clearly, much more effort and resources are needed to expand and scale these initiatives effectively,” Tuan Anh noted.

Solving Vietnam’s cybersecurity talent shortage

Exploring the causes of Vietnam’s shortage of dedicated cybersecurity personnel, Vu Ngoc Son, CTO of NCS and Head of Technology at NCA, pointed to both internal and external factors.

“Cybersecurity training programs in Vietnam do not produce enough graduates to meet market demand. Graduate quality varies, and most students lack practical experience, making it difficult for them to work on critical systems. Additionally, many organizations - especially small and medium-sized enterprises - do not fully recognize the importance of cybersecurity, leading to underinvestment in specialized personnel,” Son explained.

In an interview with VietNamNet on April 25, Khong Huy Hung, CEO of VNCS, reiterated that Vietnam’s cybersecurity labor market remains critically undersupplied.

Hung noted that although Vietnam has many talented and tech-savvy young people, the biggest challenge is the gap between academic knowledge and real-world business needs.

“Many top graduates are still unprepared for the workplace because they’ve never encountered real-world scenarios and don’t understand how defense systems operate in practice,” he said.

“This reality is one of the reasons we launched our first talent internship program specifically for students passionate about cybersecurity. The program offers hands-on experience, exposure to modern technology, and helps students build career paths while still in school,” Hung emphasized.

From the perspective of a professional association in cybersecurity and digital transformation, experts from the National Cybersecurity Association suggested that organizations consider outsourcing professional SOC monitoring and operations services. This shared-resource approach could help address the workforce gap.

“In addition, Vietnam urgently needs to develop standardized frameworks, certifications, and official evaluation systems for cybersecurity professionals. These standards would help formalize and professionalize the sector, motivating talent to continually improve their skills and capabilities,” the association expert stated.

Van Anh