Cybersecurity in Bangladesh 2025: Is your data safe?
According to the Bangladesh Telecommunication Regulatory Commission (BTRC), we have over 132 million internet users in Bangladesh. This online presence has transformed how people live, work, and communicate. Yet, it also exposes Bangladesh to a growing amount of cyber threats. As more critical services and personal data move online, the urgency to strengthen cybersecurity has never been greater.
Despite advancements in legislation, including the Digital Security Act of 2018 and the Cyber Security Act of 2023, Bangladesh has consistently struggled to protect its digital infrastructure, largely due to shortcomings in implementation by the previous regime. As SM Nazmul Hasan, CEO of software development company Kolpolok, puts it, "These laws were determined to suppress free speech rather than actively address the cybersecurity issues. Also, the strategies struggled with practical execution due to insufficient resources and coordination with various government entities."
For all latest news, follow The Daily Star's Google News channel. Concerns over Bangladesh's cybersecurity have long been raised but are often met with limited response. Allan Watanabe, CEO of international cybersecurity firm Pipeline Inc., recalls sending direct messages to high-standing government officials in the previous regime about critical data leaks, including the infamous National ID breach, only to be ignored.
"We tried to raise these issues directly to the government but were not taken into account," says Watanabe. "Unfortunately, this led to several high-profile breaches, showing the need for comprehensive strategies and better governance." He describes the current cybersecurity landscape in Bangladesh as rapidly evolving but warns that the country still faces significant challenges, including limited technical expertise, insufficient infrastructure, and inadequate policies.
Shahab Al Yamin Chawdhury, Chief Information Security Officer of Link3 Technologies, points to the creation of the Bangladesh Cyber Security Intelligence (BCSI) as a step towards proactive defence. Yet he warns that organisations often focus heavily on hardware protection, while neglecting endpoint protection and employee training, leaving systems vulnerable to ransomware, phishing, and denial-of-service attacks."This imbalance can leave systems vulnerable to various cyber threats, including ransomware, phishing, and denial-of-service (DoS) attacks," he states.
Watanabe also highlights the urgency created by recent data leaks and rising cybercrime. "Government-led efforts and initiatives to digitise services indicate progress," he adds but cautions that the current technologies and infrastructures in Bangladesh are insufficient to fully combat advanced threats.
Despite recent advancements, Bangladesh's cybersecurity environment continues to face significant weaknesses while critical vulnerabilities remain. This is especially true in vital infrastructure sectors, where insufficient public awareness and a shortage of skilled professionals hamper effective defence.
Hasan explains, "Vulnerabilities persist, particularly in critical infrastructure, due to a lack of public awareness and skilled professionals." He warns that the country's heavy reliance on foreign cybersecurity solutions is unsustainable, noting that "Bangladesh has made little progress in software product development, especially in cybersecurity. Currently, we rely 100% on foreign products, which is not sustainable."
But it's not all about the product or the government. Cultural and organisational challenges exist, which only compound the technical issues. Md Muqeet Halim, CEO of cybersecurity consultancy firm Beetle CS, highlights a pervasive security mindset problem across many organisations. He observes that "the overall cybersecurity scene is still immature", with many entities focusing on regulatory compliance rather than building true security resilience.
According to Halim, "Weak security culture is the biggest challenge. Cybersecurity is not a feature. It is a process, and most fail to realise that." This cultural gap manifests in reactive, rather than proactive, approaches to cybersecurity. This reactive approach leaves organisations vulnerable to increasingly sophisticated threats.
Something that can truly help Bangladesh's cybersecurity challenges is public and private sector collaboration, which shows promise but remains underdeveloped. Allan Watanabe acknowledges that joint efforts such as cybersecurity forums and CERT cooperation have begun to bridge gaps. However, he admits that communication gaps remain and notes, "Trust issues hinder open sharing of threat intelligence with private sector expertise remaining underutilised."
Chawdhury notes initiatives like Public-Private Partnerships and the BUILD platform as frameworks encouraging dialogue and investment, yet both experts agree that these mechanisms require further strengthening. In contrast, Halim points to a deeper systemic problem, stating that "Organisations, both government and private, operate in silos with no proper information sharing," and calls for establishing local cybersecurity forums to facilitate coordinated knowledge exchange.
On the technological front, it's just as bleak.
Watanabe highlights the lack of modern threat intelligence platforms, widespread use of outdated systems, and limited adoption of cloud technologies as notable weaknesses. Chawdhury stresses the need for continuous innovation and adaptation to keep pace with evolving cyber threats.
Although Bangladesh's legal framework has advanced, it remains incomplete and sometimes misaligned with modern cybersecurity needs. Hasan points out that while the Cybersecurity Ordinance 2024 represents a significant improvement, it still falls short in providing comprehensive data protection measures. He adds, "Bangladesh must develop more robust data protection laws that align with international standards, such as the EU's GDPR."
Halim criticises existing legislation for focusing disproportionately on censorship and surveillance at the expense of safeguarding citizens and organisations. He advocates for clearer laws and stricter penalties that prioritise data protection and enforcement to enhance overall cybersecurity resilience.
Looking to the future, the four industry leaders agree that sustained development of skilled human resources, technological capacity, and governance frameworks will be essential.
Watanabe envisions a Bangladesh with strong public-private partnerships supported by a national cybersecurity framework aligned with global standards, which would provide a solid foundation for addressing emerging risks. Hasan underscores the importance of fostering local innovation in cybersecurity products, highlighting Kolpolok's global VPN solution as a successful example that needs government support to scale further. Halim emphasises the need to instil a security-first and human-first approach, advocating for mandatory offensive security audits to supplement compliance-based assessments across both public and private sectors.
Despite the challenges ahead, a cautiously optimistic outlook prevails.
Watanabe adds in the end, "With consistent government support, private sector collaboration and investments in education and technology, Bangladesh has the potential to establish itself as a regional leader in cybersecurity." Halim concurs, asserting, "Successful implementation of a national cybersecurity strategy and workforce development will significantly lower risks and improve security over the next decade."
In 2025, Bangladesh's cybersecurity landscape stands at a pivotal crossroads. Progress in legislation, infrastructure, and awareness contrasts with persistent vulnerabilities in skills, culture, and collaboration.
Progressing in the right direction could establish us as a regional leader in cybersecurity. However, if we succumb to stagnation as we have in past decades, it will result in increased cyberattacks, more data breaches, and potentially devastating damage to critical infrastructure.
The country's digital future depends on a coordinated, sustained effort from government, industry, and civil society to build a resilient and secure ecosystem capable of withstanding increasingly sophisticated cyber threats.
The power is in our hands.
Comments