Global Standards on Cyber ​​Security: What Do Vietnamese Enterprises Need to Prepare for the New Wave?

In the context of increasingly sophisticated and widespread cyber threats on a global scale, establishing a common standard for cyber security has become inevitable. Recently, Vietnam officially became the first country to sign the “United Nations Convention against Cybercrime”, also known as the “Hanoi Convention” – a landmark step in the effort to build a safe, transparent and responsible cyberspace.

However, along with the opportunity for integration comes a series of significant challenges, especially for the business community. This convention is not only a call to action but also sets out strict requirements on information security, data sharing and compliance with international standards. So what should businesses do to avoid being "left behind" or facing legal risks in an era where security standards are no longer optional, but mandatory? Let's find out with SaDesign in the article below the essential preparation steps to help businesses adapt and stand firm against the wave of changes in global cybersecurity.

1. Vietnam affirms its leading role in global cyberspace

In the context of strong globalization and digitalization, cybersecurity is not only a technological issue but also a strategic concern at the national level. It is urgent that countries work towards a common legal standard to prevent cross-border cybercrime. And now, Vietnam - a developing country with strong growth in the technology sector, has been officially chosen as the place to open the signing of the United Nations Convention against Cybercrime, also known as the Hanoi Convention, on October 25-26, 2025.

The decision to choose Hanoi as the venue for the Convention is a clear recognition from the international community of Vietnam’s increasingly prominent role in global cyberspace governance. According to Mr. Nguyen Huu Phu, Deputy Director of the Department of Law and International Treaties (Ministry of Foreign Affairs), this is not only an opportunity for Vietnam to affirm its management capacity, but also a sign that Vietnam is ready to lead international initiatives on digital space, law and cybersecurity.

1.1. Hanoi Convention: a turning point in the fight against cybercrime

The Hanoi Convention, adopted by the United Nations General Assembly on 24 December 2024, is the first international treaty to combat cybercrime. The Convention consists of nine chapters and 71 articles, focusing on three main objectives:

Strengthening prevention and combating cybercrime
Promote international cooperation among member countries
Technical assistance and national capacity building, especially for developing countries
Not stopping at the theoretical level, the Convention also specifically stipulates the mechanism for investigating and prosecuting types of cybercrimes such as: online fraud, spreading malware, child abuse online, illegal intrusion and electronic money laundering.

Additionally, a key feature of the Convention is the mechanism for sharing digital evidence between countries. This sets a new standard for transparency, accountability and coordination in cross-border investigations – something that has long been fragmented or lacking consensus.

1.2. Vietnam: a model for improving information security

In 2024, Vietnam was ranked 17th out of 194 countries and territories in the Global Cybersecurity Index (GCI), according to a report from the International Telecommunication Union (ITU) – up 8 places compared to the previous year. Not only in the top group in terms of security capacity, Vietnam also achieved absolute scores in 4 important pillars: legal, cooperation, technical and organizational.

This is the result of a long process of efforts from state management agencies, the expert community and businesses in building a safe and strong digital ecosystem. However, the challenges ahead are still huge, especially when many domestic businesses are not really ready for the new standards.

1.3. Worrying current situation in Vietnamese enterprises

According to the 2024 Cyber ​​Security Summary Report from Vietnam Cyber ​​Security Joint Stock Company (VSEC), there are up to:

20.06% of businesses do not have specialized personnel in cybersecurity
35.56% of businesses have a maximum of 5 people in charge of security
46.15% of organizations have been attacked by cyberattacks, of which 14.59% were victims of ransomware
Advanced Persistent Threat (APT) attacks primarily target the banking and finance (42%) and healthcare (28%) industries, where sensitive data is stolen or leaked, causing serious economic and reputational consequences.

Obviously, joining the Hanoi Convention will be an important boost, forcing businesses to proactively improve security capabilities, improve systems and build processes in line with new international legal requirements.

2. New legal challenges and international obligations for businesses

By joining the Hanoi Convention, Vietnamese businesses, especially those processing sensitive data or operating across borders, will face a series of new legal obligations, including:

Compliance with information system protection standards
Respond to requests for digital data from domestic and foreign authorities
Implementing electronic evidence sharing within the framework of international law

2.1. Hackers are “hiding” longer in Vietnamese business systems

Mr. Phan Hoang Giap – Deputy General Director of VSEC warned that the average time to detect a cyber intrusion in a Vietnamese enterprise can be 5-6 times longer than the global average. While the world takes an average of 11 days to detect signs of abnormalities, in Vietnam, this number can exceed 50 days.

This means hackers have more time to spy, collect data and install malware before being detected. When the Convention requires businesses to provide electronic evidence, if they do not know that their systems have been compromised in advance, sharing data can inadvertently facilitate information leakage, loss of control of data, leading to serious consequences.

2.2. Businesses need to move from defensive to proactive security

To respond to the challenges from the Hanoi Convention, cybersecurity experts recommend that Vietnamese businesses need to deploy a series of proactive security measures, instead of just passive defense:

Periodic Penetration Testing (Pentest): Helps detect vulnerabilities before hackers exploit them

Compromise Assessment: Ensures that the system is not infected with malware or has been hijacked.

Employee Security Awareness Training: Personnel Remain the Biggest “Weak Point” in Cyber ​​Defense Systems

Choose a security provider that meets international standards such as CREST, ISO/IEC 27001: Ensure the service provided complies with global standards

Deploying service security models like Pentest-as-a-Service (PTaaS): A cost-effective, flexible solution for small and medium-sized businesses

2.3. Standardization by field

In addition to applying technical measures, businesses must also comply with specific cybersecurity standards for each field:

Finance – Banking: PCI-DSS Standard

Healthcare – Healthcare: HIPAA Standards

Comprehensive information security management: ISO/IEC 27001

Compliance with these standards not only helps minimize the risk of cyber attacks, but also enhances brand reputation and the ability to participate in global supply chains, which are increasingly strict with information security issues.

2.4. Shortage of human resources

According to a report from VSEC, the shortage of highly skilled human resources in the cybersecurity industry in Vietnam has increased to 53% by 2024, compared to 42% in 2023. This is a big challenge, because human resources are the decisive factor for the success of any security system.

Therefore, businesses need to invest long-term in training and retaining talent, combined with outsourcing security experts to ensure the system is continuously monitored and protected.

2.5. From a collaborative platform to global legalization

Speaking at the United Nations General Assembly, Secretary-General Antonio Guterres stressed that the Hanoi Convention will establish an unprecedented foundation for international cooperation, including:

Fast exchange of information between countries
Protecting victims and tracking criminals more effectively
Preventing cybercrime at its source
President of the United Nations General Assembly – Mr. Philémon Yang also affirmed that this will be the first legal foundation to deal with borderless cybercrimes, with global economic losses estimated at up to 10,500 billion USD by 2025.

Not only that, the Convention also creates a 24/7 cooperation mechanism between countries, from intelligence sharing, cross-border investigations to establishing unified legal standards - something that was previously very vague.

The fact that Vietnam was chosen as the place to sign the Hanoi Convention is not only a source of pride, but also a clear warning for domestic enterprises: International standards are approaching and that is an irreversible trend.

New requirements on cybersecurity, data sharing, cross-border legal compliance, etc. are no longer “far away” but will directly affect business operations, data management, and the survival of enterprises in the digital economy.

Therefore, Vietnamese organizations and businesses need to start now to re-evaluate the entire cybersecurity system, build appropriate human resource and technology investment strategies, and most importantly, think according to global standards.