Micro, small, and medium-sized enterprises (MSMEs) are vital to the Asia-Pacific economy, comprising about 90 percent of all businesses and generating millions of jobs. However, these enterprises are increasingly becoming targets for cybercriminals. Many risks originate not from external attacks but from internal issues.
At Internet Day 2025, held on December 17, experts highlighted that information security is now crucial for the survival and growth of small businesses in the digital economy. Filip Graovac, Deputy Country Representative of The Asia Foundation (TAF) in Vietnam, emphasized that digital trust is essential, directly affecting consumer confidence, repeat purchases, and a company’s reputation.
Statistics show that 85 percent of consumers want to know a company’s data policy before making a purchase, and 53 percent prefer to transact with businesses known for strong data protection. Graovac warned that eroding digital trust can lead to revenue loss and increased risk of job cuts, particularly threatening small enterprises.
Contrary to popular belief, information security threats often stem from user behavior within businesses rather than external hackers. Mai Van Tai, Director of the SafeGate Cybersecurity Services Center, stated that risks like data leakage are primarily internal. Employee actions can inadvertently expose corporate data through online storage platforms or AI tools without adequate controls.
Data from the Ministry of Public Security revealed that 110 million data records were offered for sale online in the first half of 2025, underscoring the urgency of the issue. Nguyen Ich Vinh, Vice Chair of the Board at FSI DDS, noted that many businesses still rely on traditional security models focusing on controlling input rather than monitoring data output. Without proper mechanisms to control outbound traffic, it becomes challenging to detect data breaches, especially as malware evolves with AI support.
Experts suggest that building digital trust begins with people and communities. This involves creating a supportive ecosystem of policies, equipping users with digital safety knowledge, fostering trust among individuals, and ensuring responsible business practices regarding customer data protection.
Many small businesses require basic security tools but are limited by costs and human resources. Therefore, accessible solutions tailored to their scale—such as Internet access monitoring and data leakage prevention tools—are essential. As cyberattacks become more sophisticated, multi-layered defenses are necessary for businesses to protect data and maintain digital trust. For small enterprises, identifying internal risks is the first step to thriving in the digital economy.
Du Lam
—
