Digital Transformation and Cybersecurity Challenges for Small and Medium-sized Enterprises (SMEs) in Vietnam (2025–2026)

The period of 2025–2026 marks a critical turning point in Vietnam’s digital economy development. While 2020–2024 was largely a foundational phase focused on awareness building and basic digital infrastructure adoption, the current stage represents a shift toward depth, operational effectiveness, and measurable performance outcomes.

For small and medium-sized enterprises (SMEs)—which account for over 97% of all businesses and contribute significantly to national GDP—digital transformation is no longer a strategic option but a business imperative. In an increasingly competitive global value chain, digital adoption has become essential to maintaining relevance, scalability, and long-term competitiveness.

However, this transition is unfolding amidst an unprecedented and highly volatile cybersecurity landscape. Emerging technologies such as Artificial Intelligence (AI), Cloud Computing, and Big Data offer substantial productivity gains, yet simultaneously expand the attack surface for cybercriminals. A widening security gap is evident between the pace of technology adoption and SMEs’ actual capabilities in data protection and cyber resilience.

In 2025 alone, Vietnam is projected to face approximately 552,000 cyberattacks, with data becoming the primary target. Cyber threats have evolved beyond traditional malware into sophisticated Advanced Persistent Threats (APTs), next-generation ransomware with double-extortion tactics, and social engineering attacks targeting human vulnerabilities. Compounding these risks, regulatory pressures—such as Decree 13/2023/ND-CP on Personal Data Protection—are placing significant cost and resource burdens on SMEs that already operate with limited capital and specialized expertise.

2. Macroeconomic Context and Digital Transformation Policy (2025–2026)

2.1. Strategic Positioning and Pressures from the “Third Wave”

Vietnam has set ambitious targets for the digital economy to account for 20% of GDP by 2025 and 30% by 2030. To realize these goals, SME participation is mission‑critical. Macroeconomic analyses indicate Vietnam is entering a “third wave” of technology adoption—a shift from digitizing isolated processes to integrated, data‑driven operations and omnichannel e‑commerce at scale. [8] The drivers pushing SMEs to transform are both internal and external:

Global supply chain requirements: International partners and upstream FDI leaders increasingly demand data transparency, ERP/CRM interoperability, and adherence to ESG governance standards. [9] Digital consumer behavior: The surge in cashless payments and online shopping compels businesses to build robust digital presences to reach and convert customers.
National policy tailwinds: Programs like SMEdx (the national SME digitalization program) from the Ministry of Information and Communications lower entry barriers via preferred‑pricing digital platforms, accelerating adoption among SMEs. [3]

2.2. The “Twin Transition” and the Shadow AI Paradox

2025 marks not only a digital shift but a twin transition that couples Digital Transformation with Green Transformation. AI is becoming a core enabler to optimize resources, orchestrate greener supply chains, and cut emissions—while enhancing customer personalization and operational efficiency for SMEs. [9] Yet AI’s rapid proliferation exposes a security paradox: “Shadow AI.” In practice, employees at SMEs often use public AI tools (e.g., ChatGPT, online translators, code generators) to process internal data without IT oversight. Sensitive assets—financial reports, source code, customer records—can be uploaded to third‑party services, increasing the risk of data leakage and loss of IP control if used for model training. Alarmingly, 62% of organizations in Vietnam report they cannot reliably detect staff using external AI tools. [11]

2.3. The Cybersecurity Talent and Budget Gap

Despite rising awareness of Digital Transformation, execution capacity—especially cybersecurity—remains a critical weakness among Vietnamese SMEs.

Talent crisis: Vietnam faces an estimated shortfall of ~120,000 qualified cybersecurity professionals. [12] SMEs struggle to compete on compensation, leaving critical IT systems to overstretched generalists or lightly supervised outsourcing.
Budget constraints: Advanced protections (e.g., SOC, SIEM) often exceed SME budgets. As a result, limited IT spending flows to revenue‑generating apps (sales, marketing) over security hardening, widening risk exposure. [7]

3. Detailed Threat Landscape: SME‑Specific Characteristics (2025–2026)

The 2025 threat environment shows a qualitative shift. Rather than broad, random malware blasts, attackers increasingly run targeted campaigns, probing the weakest links in supply chains—SMEs—who often hold partner data but lack enterprise‑grade defenses. [4] 3.1. Ransomware 2.0: Double‑Extortion and the Rise of RaaS
Ransomware remains a top threat, but methods are escalating in severity for SMEs.

Scale and frequency: Over 155,600 endpoints in Vietnam have recently been recorded as hit by ransomware. [13] “Double extortion”: Adversaries exfiltrate sensitive data first, then encrypt systems. Even if victims restore from backups, attackers threaten to leak customer records or trade secrets on the Dark Web, directly damaging brand equity—often the most valuable SME asset. [4] RaaS proliferation: Ransomware‑as‑a‑Service lowers the bar for entry, enabling low‑skill actors to rent toolkits and mass‑target Vietnamese businesses. Groups like Qilin and Dragonforce are reportedly increasing activity at a triple‑digit growth rate. [14]

3.2. Social Engineering and Phishing: Exploiting the Human Layer

Social engineering is becoming more sophisticated with Generative AI crafting highly convincing lures.

HR‑targeted phishing: In 2025, HR has become a “data goldmine.” Attackers send weaponized CVs or spoofed requests (e.g., payroll changes). Because HR must open files from unknown senders, it’s an easy entry point. Stolen PII across the workforce can trigger legal exposure under data protection rules. [13] BEC (Business Email Compromise): Financially, BEC is the costliest. Threat actors mirror tone, signatures, and timing to impersonate CEOs or suppliers, diverting payments with surgical precision—even seasoned staff can be duped. [16]

3.3. Loss Metrics and Economic Impact

The numbers highlight the macro impact on Vietnam’s digital economy:

Breach prevalence: 52.3% of organizations report cyber harm in 2025, up from 46.15% in 2024—suggesting fewer but more effective, higher‑impact attacks. [4] Financial losses: Online fraud losses in Vietnam are estimated at over VND 6,000 billion in 2025. [18] Impact on SMEs: 43% of small firms report cyber incidents, with average losses up to USD 180,000—enough to disrupt cash flow and push a typical SME toward insolvency. [7]

Table 1: Classification and Comparison of Key Cybersecurity Threats in 2025

4. Decree 13/2023/ND‑CP: Compliance Pressure and a Business Survival Test

Decree 13/2023/ND‑CP on Personal Data Protection, which came into force and began exerting strong impact during 2024–2025, is widely referred to as the “Vietnamese GDPR.” While large enterprises view compliance primarily as a process realignment exercise, for SMEs, the decree represents a significant shock in terms of cost structure, operational complexity, and legal liability. [7]

4.1. Core Compliance Requirements Creating Pressure on SMEs

The decree mandates a range of stringent technical and administrative controls, many of which place disproportionate burdens on SMEs:

Personal Data Processing Impact Assessments (DPIA):
Businesses are required to document risk assessments and submit reports to the Ministry of Public Security (A05 Department). This process demands deep legal and technical expertise—capabilities that most SMEs lack in‑house. [7]

Data Subject Rights Enablement:
Companies must deploy systems capable of responding to data access, correction, extraction, or deletion requests from customers and employees within 72 hours. For SMEs operating with fragmented IT stacks—data scattered across Excel files, Zalo chats, and standalone accounting software—this requirement is nearly unachievable without end‑to‑end digital transformation. [7]

Cross‑border Data Transfer Controls:
Restrictions on transferring data abroad create major friction for SMEs relying on low‑cost international cloud services without local data centers, pushing them to reassess migration toward domestic platforms. [19]

4.2. Penalties and the “Compliance Gap”

Administrative penalties for violations may reach VND 3 billion, or be calculated as a percentage of revenue depending on legal interpretations and breach severity. For SMEs, such fines can be existential, effectively forcing business shutdown. Additional sanctions—such as public disclosure of violations—can severely undermine customer trust and cause long‑term brand damage. [11] Expert analysis suggests SMEs are the most vulnerable segment under Decree 13 [7]:

Startups: Benefit from certain compliance exemptions during the first two years of operation.
Large enterprises: Possess substantial budgets and dedicated legal teams to manage compliance.
SMEs: Receive no exemptions, lack large budgets, yet face equivalent legal accountability—making them the deepest compliance risk zone. A critical factor is awareness: many SME owners still view cybersecurity as an IT issue rather than a board‑level legal responsibility. [7]

5. Solution Ecosystem and Strategic Response for SMEs

Amid converging technical and regulatory challenges, solutions for SMEs in 2025–2026 must follow three principles: cost‑efficient, easy to deploy, and compliance‑ready by design. The “Make in Vietnam” technology ecosystem plays a pivotal role in addressing this challenge.

5.1. The Strategic Role of the SMEdx Program

The Ministry of Information and Communications launched SMEdx, a national SME digital transformation program with a pragmatic approach: certifying and promoting best‑in‑class Vietnamese digital platforms for SME adoption. [3]

Support mechanisms:
SMEdx partners (e.g., MISA, Base, 1Office, VNPT oneSME) offer discounted pricing, free trial periods (typically 3–6 months), and onboarding support. [23]

Built‑in security advantage:
By adopting SMEdx platforms, SMEs effectively “stand on the shoulders of giants.” Instead of operating insecure on‑premise systems, SMEs leverage SaaS models, where providers already maintain ISO 27001‑certified infrastructure, Tier‑3 data centers, and native compliance with Decree 13. [24]

5.2. Key Domestic Solution Providers

Vietnam’s major technology firms have developed SME‑focused, security‑embedded solutions:
VNPT

oneSME: A B2B digital marketplace offering transformation solutions, powered by nationwide Tier‑3 IDCs and certified Level‑3 information security compliance. [24] VNPT Cloud: Ensures data localization within Vietnam, fully addressing data sovereignty and compliance requirements. [25]

Viettel

Integrated SME ecosystem: Bundled solutions with FTTH subscriptions—including Viettel CA (digital signatures), e‑invoicing, and digital social insurance—offering SMEs a near‑zero‑cost operational baseline. [26] Viettel Cloud & Security: Market leader in data centers, providing DDoS protection and web application security services. [27]

FPT

Kyta & FPT.eContract: AI‑enabled digital contracting platforms that reduce physical document risk and ensure legal integrity of electronic transactions. [28] FPT Smart Cloud: Delivers AI‑driven security monitoring and SOC services, supporting more advanced SME needs. [29]

CyStack

Security‑by‑design tools for SMEs: Lightweight solutions such as VulnScan (automated vulnerability scanning), Locker (secure password management), and Endpoint Security, enabling SMEs to proactively detect risks without dedicated security teams. [7]

5.3. “Democratized” and Free Cybersecurity Tools

Free security tools have become a lifeline for budget‑constrained SMEs.

Khonggianmang.vn (NCSC):
Vietnam’s National Cyber Security Center provides four essential free tools: credential leak detection, malware scanning, phishing website validation, and IP reputation checks—allowing businesses to verify email domain blacklisting at no cost. [31]

Anti‑Scam Initiative (Chongluadao.vn):
A non‑profit project offering a browser extension that instantly warns users of phishing or fraudulent websites, providing an effective, zero‑cost human‑layer defense against phishing attacks. [35]

Table 2: Comparative Overview of Cybersecurity Solution Options for SMEs

6. Information Security Strategy: Roadmap and Recommendations

6.1. A Pragmatic “Zero Trust” Strategy for SMEs

SMEs cannot realistically deploy a full‑scale Zero Trust architecture like large financial institutions. However, they can and should adopt its core principles in a simplified, cost‑effective manner:

Multi‑Factor Authentication (MFA):
Mandatory two‑factor authentication should be enabled for all critical accounts—email, admin access, and banking platforms. This is the lowest‑cost, highest‑impact control, capable of reducing account‑takeover risks by up to 99%.

Immutable Data Backups:
The 3‑2‑1 backup rule (three copies, two formats, one offline) remains the most reliable defense against ransomware. Leveraging domestic cloud backup services ensures business continuity even if primary systems are encrypted. [13]

Principle of Least Privilege:
Employees should access only the data necessary for their roles. Restricting admin rights on end‑user devices significantly reduces exposure to malware installation and Shadow IT risks.

6.2. Policy Support Recommendations (2025–2026)

Relieving compliance pressure on SMEs requires coordinated intervention from regulators:

Direct financial support:
Allocate at least 10–20% of local IT support budgets to cybersecurity investments, including security tools and workforce training. [37]

Simplified compliance frameworks:
Authorities should issue SME‑specific DPIA templates and standardized guidelines, reducing legal uncertainty and administrative overhead.

Promotion of cyber insurance:
Accelerate development of the cyber insurance market, enabling SMEs to transfer residual financial risk when incidents occur.

6.3. Recommended Action Roadmap for SMEs

SMEs should adopt a phased execution model to optimize limited resources:

Phase 1 – Immediate Actions: System Hygiene

• Use NCSC tools to detect corporate email data leaks.
• Deploy Chongluadao browser extensions across all employee workstations.
• Enable 2FA on every business‑critical account.

Phase 2 – Short Term (3–6 months): Secure Cloud Migration

• Enroll in SMEdx to trial certified digital platforms.
• Migrate critical data to domestic cloud providers (VNPT, Viettel, FPT) to ensure Decree 13 compliance and automated backups.

Phase 3 – Long Term: Security Culture Building

• Conduct regular employee training on phishing awareness.
• Establish a basic incident response playbook (who to contact, network isolation steps, escalation procedures).

7. Conclusion

Digital transformation in Vietnam during 2025–2026 has entered a decisive phase—no longer focused on adoption speed, but on quality, resilience, and sustainability. For the 97% of businesses that are SMEs, the journey ahead offers immense opportunity through AI and cloud technologies, yet is fraught with escalating cyber threats and unprecedented regulatory pressure.
In the digital economy, survival is no longer about who moves fastest—but who operates most securely. Investment in information security should not be viewed as a cost burden, but as risk insurance for digital assets, brand integrity, and customer trust. Success depends on alignment across three forces:

• Government, providing clear legal frameworks and pragmatic financial support;
• Large technology providers, delivering shared, enterprise‑grade security infrastructure;
• SME leaders, fundamentally shifting mindset from reactive damage control to proactive risk prevention.

Only by securing trust and data safety can Vietnam’s digital economy truly scale and achieve its ambitious 2030 growth objectives.

Nguồn trích dẫn

1. Chuyển đổi số cho doanh nghiệp vừa và nhỏ tại Việt Nam – Thực trạng và khuyến nghị chính sách, truy cập vào tháng 1 14, 2026, https://lyluanchinhtri.vn/chuyen-doi-so-cho-doanh-nghiep-vua-va-nho-tai-viet-nam-thuc-trang-va-khuyen-nghi-chinh-sach-7054.html
2. Digital Transformation in Small and Medium Enterprises (SMEs) in Vietnam – International Journal of Advanced Multidisciplinary Research and Studies, truy cập vào tháng 1 14, 2026, https://www.multiresearchjournal.com/admin/uploads/archives/archive-1757669449.pdf
3. Khởi động Chương trình Hỗ trợ doanh nghiệp nhỏ và vừa được hỗ trợ chuyển đổi số SMEdx – Báo Thanh tra Việt Nam, truy cập vào tháng 1 14, 2026, https://thanhtra.com.vn/kinh-doanh-A08BE54D6/khoi-dong-chuong-trinh-ho-tro-doanh-nghiep-nho-va-vua-duoc-ho-tro-chuyen-doi-so-smedx-5DD899EE.html
4. Tấn công mạng Việt Nam 2025: Số vụ giảm, tổn hại tăng, truy cập vào tháng 1 14, 2026, https://thanhnien.vn/tan-cong-mang-viet-nam-2025-so-vu-giam-ton-hai-tang-185260113140815902.htm
5. Khoảng 552.000 cuộc tấn công vào các hệ thống thông tin tại Việt Nam trong năm 2025, truy cập vào tháng 1 14, 2026, https://www.vietnam.vn/khoang-552-000-cuoc-tan-cong-vao-cac-he-thong-thong-tin-tai-viet-nam-trong-nam-2025
6. 5 Hình Thức Tấn Công Phishing Phổ Biến 2025 Nhắm Vào Nhân Sự – HR1Tech, truy cập vào tháng 1 14, 2026, https://hr1tech.com/vi/news/5-hinh-thuc-tan-cong-phishing-pho-bien-2025-nham-vao-nhan-su-1260.html
7. Những thách thức của Nghị định 13 đối với doanh nghiệp vừa và nhỏ – CyStack, truy cập vào tháng 1 14, 2026, https://cystack.net/vi/blog/thach-thuc-cua-nd-13-doi-voi-sme
8. Vietnam’s Future Digital Economy – Towards 2030 and 2045 – CSIRO Research, truy cập vào tháng 1 14, 2026, https://research.csiro.au/aus4innovation/inc/uploads/sites/578/2025/04/10.-VietnamsFutureDigitalEconomy2045_ENG.pdf
9. AI and its impact on dual transformation for Vietnamese SMEs – English, truy cập vào tháng 1 14, 2026, https://beta-en.mic.gov.vn/ai-and-its-impact-on-dual-transformation-for-vietnamese-smes-197251130205252421.htm
10. Bộ TT&TT phê duyệt chương trình hỗ trợ doanh nghiệp nhỏ và vừa chuyển đổi số, truy cập vào tháng 1 14, 2026, https://vietnamnet.vn/it-nhat-moi-nam-30000-doanh-nghiep-duoc-trai-nghiem-cac-nen-tang-de-chuyen-doi-so-i280359.html
11. Doanh nghiệp Việt nguy cơ lộ dữ liệu vì Shadow AI, truy cập vào tháng 1 14, 2026, https://baomoi.com/doanh-nghiep-viet-nguy-co-lo-du-lieu-vi-shadow-ai-c52642310.epi
12. Vietnam Cloud Security Market | 2019 – 2030 – Ken Research, truy cập vào tháng 1 14, 2026, https://www.kenresearch.com/vietnam-cloud-security-and-compliance-market
13. Hơn 155.600 máy tính tại Việt Nam bị tấn công ransomware, truy cập vào tháng 1 14, 2026, https://dx.moj.gov.vn/hon-155600-may-tinh-tai-viet-nam-bi-tan-cong-ransomware-896.htm
14. Ransomware Statistics 2025: Latest Trends & Must-Know Insights – Fortinet, truy cập vào tháng 1 14, 2026, https://www.fortinet.com/resources/cyberglossary/ransomware-statistics
15. TRACKING RANSOMWARE : JUNE 2025 – CYFIRMA, truy cập vào tháng 1 14, 2026, https://www.cyfirma.com/research/tracking-ransomware-june-2025/
16. Xâm phạm email doanh nghiệp (BEC) là gì? | Microsoft Security, truy cập vào tháng 1 14, 2026, https://www.microsoft.com/vi-vn/security/business/security-101/what-is-business-email-compromise-bec
17. Bảo mật email doanh nghiệp trước tấn công BEC – VNetwork, truy cập vào tháng 1 14, 2026, https://www.vnetwork.vn/news/bao-mat-email-doanh-nghiep/
18. Người dùng Việt Nam thiệt hại hơn 6.000 tỷ đồng do lừa đảo trực tuyến trong năm 2025, truy cập vào tháng 1 14, 2026, https://cebid.vn/nguoi-dung-viet-nam-thiet-hai-hon-6-000-ty-dong-do-lua-dao-truc-tuyen-trong-nam-2025/
19. Góp Ý của Liên Minh Dữ Liệu Toàn Cầu về Yếu Tố Chuyển Dữ Liệu Ra Nước Ngoài trong Nghị Định B – Global Data Alliance, truy cập vào tháng 1 14, 2026, https://globaldataalliance.org/inc/uploads/2023/07/vt0630202gdapdpd.pdf
20. Viet Nam – Artificial Intelligence Readiness Assessment Report | UNESCO, truy cập vào tháng 1 14, 2026, https://articles.unesco.org/sites/default/files/medias/fichiers/2025/10/Viet%20Nam%20Artificial%20Intelligence%20Readiness%20Assessment%20Report.pdf
21. Phạt đến 3 tỉ đồng đối với vi phạm hành chính trong lĩnh vực bảo vệ dữ liệu cá nhân, truy cập vào tháng 1 14, 2026, https://baovephapluat.vn/kiem-sat-24h/van-de-su-kien/phat-den-3-ti-dong-doi-voi-vi-pham-hanh-chinh-trong-linh-vuc-bao-ve-du-lieu-ca-nhan-179950.html
22. Hỗ trợ doanh nghiệp nhỏ và vừa trong chuyển đổi số – UBND Xã Cẩm Tân, truy cập vào tháng 1 14, 2026, https://camtan.thanhhoa.gov.vn/chuyen-doi-so/ho-tro-doanh-nghiep-nho-va-vua-trong-chuyen-doi-so-569246
23. Bộ TT&TT chính thức khởi động Chương trình Hỗ trợ doanh nghiệp nhỏ và vừa chuyển đổi số, truy cập vào tháng 1 14, 2026, https://mst.gov.vn/bo-tttt-chinh-thuc-khoi-dong-chuong-trinh-ho-tro-doanh-nghiep-nho-va-vua-chuyen-doi-so-197146308.htm
24. oneSME recognized as platform supporting Vietnamese businesses in digital transformation – VNPT – Vinaphone, truy cập vào tháng 1 14, 2026, https://vinaphone.com.vn/english/news/onesme-recognized-as-platform-supporting-vietnamese-businesses-in-digital-transformation.html
25. VNPT pioneers super technology, creating digital life, truy cập vào tháng 1 14, 2026, https://vnpt.com.vn/tin-tuc/vnpt-pioneers-super-technology-creating-digital-life.html
26. Miễn phí gói giải pháp doanh nghiệp khi dùng internet Viettel – SME HUB, truy cập vào tháng 1 14, 2026, https://sme.viettel.vn/news/detail/55dd4026-7b95-468b-80b0-ae481487f13b
27. Cloud Services Market in Vietnam: Opportunities and Challenges, truy cập vào tháng 1 14, 2026, https://www.vietnam-briefing.com/news/cloud-services-market-in-vietnam-opportunities-and-challenges.html/
28. Top 7 E-Contract Platforms in Vietnam (2025), truy cập vào tháng 1 14, 2026, https://kyta.fpt.com/en/blogs/top-7-e-contract-platforms-in-vietnam-2025
29. Cyber Security | FPT Software, truy cập vào tháng 1 14, 2026, https://fptsoftware.com/services/digital-technologies-and-platforms/cybersecurity
30. Meet FPT Smart Cloud: Driving the Future of AI and Cloud in Vietnam and Beyond | Blog, truy cập vào tháng 1 14, 2026, https://openinfra.org/blog/openinfra-member-fpt-smart-cloud/
31. Ra mắt website khonggianmang.vn hỗ trợ đảm bảo ATTT khi làm việc từ xa cho các cơ quan, tổ chức, cá nhân – Bộ Khoa học và Công nghệ, truy cập vào tháng 1 14, 2026, https://mst.gov.vn/ra-mat-website-khonggianmangvn-ho-tro-dam-bao-attt-khi-lam-viec-tu-xa-cho-cac-co-quan-to-chuc-ca-nhan-197141392.htm
32. 4 công cụ “Make in Vietnam” miễn phí giúp giao dịch trực tuyến an toàn, truy cập vào tháng 1 14, 2026, https://nq57.igip.gov.vn/tin-tuc/t2623/4-cong-cu-make-in-vietnam-mien-phi-giup-giao-dich-truc-tuyen-an-toan
33. 4 công cụ ‘Make in Vietnam’ miễn phí giúp giao dịch trực tuyến an toàn – VietNamNet, truy cập vào tháng 1 14, 2026, https://vietnamnet.vn/4-cong-cu-make-in-vietnam-mien-phi-giup-giao-dich-truc-tuyen-an-toan-i64343.html
34. Phát hành công cụ miễn phí kiểm tra lộ lọt thông tin tài khoản – Báo Đại biểu Nhân dân, truy cập vào tháng 1 14, 2026, https://daibieunhandan.vn/phat-hanh-cong-cu-mien-phi-kiem-tra-lo-lot-thong-tin-tai-khoan-10212495.html
35. ChongLuaDao, truy cập vào tháng 1 14, 2026, https://chongluadao.vn/
36. Sẽ cung cấp miễn phí phần mềm phòng chống lừa đảo cho người dân, truy cập vào tháng 1 14, 2026, https://thoibaotaichinhvietnam.vn/se-cung-cap-mien-phi-phan-mem-phong-chong-lua-dao-cho-nguoi-dan-150683.html
37. Đồng Tháp sẽ đảm bảo kinh phí cho ATTT đạt tối thiểu 10% tổng chi CNTT, truy cập vào tháng 1 14, 2026, https://mst.gov.vn/dong-thap-se-dam-bao-kinh-phi-cho-attt-dat-toi-thieu-10-tong-chi-cntt-197150612.htm
38. Cần ưu tiên tối thiểu 20-30% tổng mức đầu tư cho an toàn thông tin mạng – Báo Chính phủ, truy cập vào tháng 1 14, 2026, https://baochinhphu.vn/can-uu-tien-toi-thieu-20-30-tong-muc-dau-tu-cho-an-toan-thong-tin-mang-102220623170527359.htm
39. Định danh IP và chi phí “10% ngân sách”: Hai chính sách đột phá thay đổi an ninh mạng Việt Nam – Tạp chí Tòa án nhân dân điện tử, truy cập vào tháng 1 14, 2026, https://tapchitoaan.vn/dinh-danh-ip-va-chi-phi-%E2%80%9C10-ngan-sach%E2%80%9D-hai-chinh-sach-dot-pha-thay-doi-an-ninh-mang-viet-nam14440.html