Vietnam is projected to face a shortage of 700,000 cybersecurity personnel in the next three years, while currently 56 percent of agencies and businesses lack sufficient information security staff, said Vu Ngoc Son of the Vietnam National Cybersecurity Association at the Vietnam Security Summit 2025 held on May 23 in HCM City.

Vietnam is among the countries at high risk of cyberattacks, he said. A report showed that in 2024, over 659,000 cyberattacks occurred in the country, with about 46.15 percent of agencies and businesses experiencing at least one attack.

This is attributed to the severe shortage of information security personnel in Vietnamese businesses. Currently, around 56 percent of agencies and enterprises lack sufficient IT and information security staff. Notably, for 24/7 cybersecurity monitoring, a minimum of 8–10 personnel is needed to cover working shifts.

Son explained that many factors contribute to this shortage. Specifically, training programs cannot keep pace with practical demands; few institutions offer specialized training; and there is a lack of practical programs, resulting in poor real-world problem-solving skills.

He also mentioned brain drain, with many skilled experts having shifted to working from a distance for foreign companies due to uncompetitive salaries and benefits offered in Vietnam. Cybersecurity professionals face limited career advancement opportunities, lack of specialized skill development, and insufficient real-world experience.

The lack of collaboration between businesses and educational institutions further exacerbates the shortage. Businesses rarely participate in training, schools lack partnerships to update new technologies, and graduates often lack practical skills for working with large-scale systems.

The consequences of this shortage include an increase in the number and severity of cyberattacks, slow and ineffective incident response, and challenges in digital operations for businesses and government agencies.

Son suggested that Vietnam learn from international experiences. There needs to be close collaboration between research institutes, schools, and businesses, to allow students to engage early in business activities to understand real-world demands. Meanwhile, companies should offer scholarships and post-graduation job commitments to lure more talents.

Training methods must be reformed by emphasizing practical, hands-on training in schools, mandating internships, and simulating attack scenarios. Expanding cybersecurity education to high schools and vocational colleges, and utilizing platforms like Cyber Range for training, will enhance collaboration between research institutes, schools, and businesses.

Additionally, AI should be applied to automate cybersecurity system operations, reducing reliance on human resources. Experts cited a need to research and design AI solutions tailored to the needs of businesses and organizations. Retraining and transitioning IT engineers to cybersecurity roles using AI is also essential.

Le My