From identity theft to large-scale network attacks, Pakistan must prioritize cybersecurity innovation to protect individuals, institutions, and businesses.

The age of digitization has brought both enormous potential and formidable challenges for Pakistan. The number of internet users in the country is growing at the fastest pace ever, reaching 111 million in 2024. However, despite the expanding cyber-threat landscape, the nation still struggles to provide reliable and sustainable solutions to individuals, as well as domestic and foreign businesses. As a result of the rapid development of digital technology and internet usage, Pakistan is now vulnerable to various cybersecurity risks.
The scope of attacks has increased dramatically as Pakistan's online presence has expanded, leaving critical networks and private data vulnerable to exploitation. Recent developments have shown that, alongside the growing scope, the financial implications of these attacks are also rising—whether in monetary damages, harm to an individual’s reputation, or costs incurred to recover data or finances. This vulnerability has serious repercussions, as institutions, businesses, and individuals become targets of increasing cyber threats. Security breaches, theft of personal information and identity, online harassment, fraudulent transactions, copyright infringement, malicious software, and other criminal activities have all significantly increased in Pakistan in recent years.
This concerning pattern emphasizes how urgently effective cybersecurity measures must be implemented. Individuals and organizations from the general population and business sectors must work together to address the increasing cyber threats. Protecting Pakistan's digital environment requires creating a strong cybersecurity framework, encouraging creativity and innovation, and raising understanding. By recognizing the seriousness of these issues, we can collaborate to create a more reliable, robust, and sustainable cyber system.

Pakistan's Cybersecurity Framework: Countering Threats
Pakistan experienced a staggering 34 million cyber breaches between 2023 and 2024, highlighting the severity of the cybersecurity issue. Notably, in the first three months of last year alone, attempts to deploy spy malware surged by 300 percent. These breaches affected multiple sectors and were not confined to any one area. Attacks on the public sector increased by 22.9 percent, while those on information technology (IT) enterprises, as well as the economic and commercial sectors, rose by 15.4 percent, 14.9 percent, and 11.8 percent, respectively.
National Response Centre for Cyber Crime. Given the expanding threat spectrum in the age of technology, Pakistan has been proactively strengthening its cybersecurity infrastructure. The National Response Centre for Cyber Crime (NR3C), the primary hub for documentation, addressing, and reducing digital threats, is a crucial part of this structure. Founded in 2007, the Federal Investigation Agency (FIA) oversees the NR3C, and aids people in reporting online bullying, theft of personal information, and security breaches. Additionally, it addresses all cyber crimes, investigating and working with overseas collaborators to counteract global cyber threats. Lastly, it teaches people about cybersecurity guidelines, new dangers, and digital risks.

Pakistan experienced a staggering 34 million cyber breaches between 2023 and 2024, highlighting the severity of the cybersecurity issue. Notably, in the first three months of last year alone, attempts to deploy spy malware surged by 300 percent. 

Prevention of Electronic Crimes Act 2016. The Prevention of Electronic Crimes Act (PECA) 2016 governs the current digital security regulatory framework. It is responsible for responding to threats or attacks on critical data centers, platforms, and large-scale attacks on computer networks in Pakistan. PECA stipulates that unauthorized access to another person's data or network, unauthorized copying or sharing of data, or interference with the functioning of a computer network system shall be punishable by law if the intent is to harm another person, make monetary gains at their expense, or cause a loss.
National Cyber Crime Policy 2021. With the National Cyber Crime Policy 2021, Pakistan has significantly improved its cybersecurity environment. This policy, which Parliament adopted in July 2021, offers a strong foundation for tackling the nation's cybersecurity risks and difficulties. Some of its policy deliverables include creating a regulatory structure for cyberspace, updating technology systems, promoting data security and confidentiality, increasing public knowledge of cybersecurity challenges, and encouraging technological advancement.
Events like the Digital Pakistan Cybersecurity Hackathon 2024 bring together Pakistan's cybersecurity experts. In 2024 alone, the event hosted cybersecurity education sessions, real-world training seminars, and workshops in 16 locations across the country. This initiative resulted in more than 3,000 individuals receiving professional cybersecurity education and training. Such events ensure that Pakistan's cybersecurity personnel are well-prepared to handle any future cyber-attacks.
India’s Cyber Aggression: Pakistan’s Concerns
India has taken steps to strengthen both its offensive and defensive cyberspace warfare capabilities. It plans to modernize its military by incorporating innovative technologies into its strategy for tactical superiority. Pakistan's digital infrastructure is particularly vulnerable to cyberattacks, which have impacted various sectors, including IT, banking, businesses, transportation, utilities, and administration.
A covert cyberwar between the intelligence services of India and Pakistan began on November 26, 2010, when the Indian Cyber Army launched an elaborate assault on 870 Pakistani networks. There have been reports of cell phone hacking for espionage involving notable Pakistani officials following the repeal of Articles 370 and 35A of the Indian constitution. The same year, an Indian force attacked the Pakistan Navy using the 'Target Collision' hijack technique. The well-known APT (Advanced Persistent Threat) group "Rattlesnake" carried out the cyber operation with the intent to steal sensitive data from military computer networks and replace it with counterfeit documentation. Additionally, outdated Microsoft Hyper-V software posed a security risk to Pakistan's tax collection authority in 2021. The hackers stole taxpayers' confidential files and temporarily halted the Federal Board of Revenue's (FBR's) operations for 72 hours during their attack on FBR networks, although they were unable to fully alter the system's configuration.

With the National Cyber Crime Policy 2021, Pakistan has significantly improved its cybersecurity environment. This policy, which Parliament adopted in July 2021, offers a strong foundation for tackling the nation's cybersecurity risks and difficulties. 

Pakistan is concerned about Israeli Prime Minister Benjamin Netanyahu's plans to rank Israel among the world's top five cybersecurity powers, as outlined in the 9th Annual International Cybersecurity Conference. Furthermore, Pakistan’s concerns are justified, as the 2021 International Institute for Strategic Studies (IISS) assessment states that "India's offensive cyber potential is not only 'Pakistan-focused' but also 'regionally effective.'"
Fostering Global Cooperation: Pakistan’s Commitment
By classifying Pakistan in Category One as a 'Role Model' in the Global Cybersecurity Index (GCI) 2024, the International Telecommunication Union (ITU) has acknowledged Pakistan's continuous cybersecurity initiatives and efforts. The GCI assesses nations' dedication to cybersecurity by looking at several factors, including international collaboration. Through cooperative efforts within South Asia and beyond, Pakistan's capabilities have been enhanced by exchanging data and information and incorporating modern techniques, which have been made possible by keen engagement with international cybersecurity agencies. 

Pakistan has shown commitment to implementing capacity-building measures to boost cyber-defense capabilities. At the Global Roundtable on Information and Communication Technology (ICT) Security Capacity Building, Ambassador Munir Akram said, “It is urgent to address key emerging trends of malicious activities in cyberspace both by states and non-state actors.” As an important milestone toward a better and more reliable cyber future for everybody, Pakistan's envoy hoped that the global roundtable discussions would produce valuable suggestions to meet the capacity requirements needed by developing nations.
Further, Pakistan's National Computer Emergency Response Team (PKCERT) recently held a joint session in Islamabad. Dr. Haider Abbas, the Director General of PKCERT, stressed that in an age of cross-border cyber terrorism, collective efforts are necessary to protect and defend personal identities and information. He underscored the importance of collaboration between the twelve states that participated in the session. 
By convening a crucial two-day multilateral workshop, Pakistan has underlined its commitment to fostering global collaboration in cybersecurity. "Cybersecurity Landscape in OIC Countries: Issues and Prospects" welcomed more than 300 officials and professionals from nations that are members of the Organization of Islamic Cooperation (OIC). The event, organized by Huawei Technologies Pakistan and the Standing Committee on Scientific and Technological Cooperation (Comstech), emphasized the need for immediate measures to counter growing cyber threats. 
Moreover, the Digital Pakistan Cybersecurity Hackathon 2024 called for a unified front against cyber threats. By working together, the Hackathon aids member states in strengthening security measures as a group, exchanging knowledge, and collaborating on collective experience. Events such as these will help all countries identify, prevent, and react timely to cyberattacks. Establishing collaboration and dismantling barriers is necessary to make the world community more powerful, resilient, and better able to handle the current cyber threats.
These projects and initiatives testify to Pakistan's dedication to international collaboration and pragmatic approach to tackling cybersecurity challenges.
As digital transformation accelerates globally, cybersecurity has become a crucial pillar of national security. For Pakistan, safeguarding digital identities, ensuring secure communication, and protecting sensitive data are imperative. To enhance cyber resilience, the following actionable and research-based strategies can be adopted:
Empirical research underscores that weak password practices contribute significantly to cybersecurity breaches. A study by Verizon (2021) found that 61 percent of hacking incidents involved credential compromise due to weak or stolen passwords. In Pakistan, many individuals rely on predictable passwords and reuse them across multiple platforms, making them susceptible to cyber-attacks. A cost-effective yet impactful approach to address this issue is launching nationwide cybersecurity awareness campaigns via social media, television, and SMS alerts. This initiative serves as a first line of defense by fostering a culture of cybersecurity awareness among the public.
Government employees, who often manage sensitive data, are prime targets for cyber threats. A report by the World Economic Forum (2022) highlights that cyber-attacks increased by 125% globally in 2021, with evidence of continued growth in 2022. To mitigate such risks, Pakistan should implement regular cybersecurity workshops and training sessions for public sector employees. These sessions can be integrated into existing training programs, ensuring cost-effectiveness while significantly enhancing cyber defense capabilities.
Research indicates that prompt incident reporting can mitigate the impact of cyber-attacks. In line with best practices from nations such as Singapore and the UK, Pakistan should establish a dedicated  hotline for reporting cybercrimes, particularly identity theft and phishing. Given economic constraints, this service can be integrated within the National Database and Registration Authority (NADRA) for identity theft cases and the Pakistan Telecommunication Authority (PTA) for misinformation-related issues. Such an initiative would enable swift response mechanisms and reduce cybercrime incidence rates.
Hackathons have proven to be an effective strategy for identifying and nurturing cybersecurity talent. Pakistan has successfully hosted annual hackathons; however, increasing their frequency and fostering public-private partnerships can enhance their impact. A study by MIT (2020) emphasizes the role of ethical hacking in preemptively identifying system vulnerabilities. Encouraging university students and cybersecurity professionals to participate in such initiatives will bolster Pakistan’s cybersecurity workforce and promote ethical hacking practices.
Academic research highlights the importance of integrating cybersecurity education into mainstream curricula. Pakistan can collaborate with universities to offer students internships and certification courses on ethical hacking, data breach recovery, and phishing attack recognition. Leveraging existing university computer labs for training would minimize operational costs. A study by the International Journal of Cybersecurity (2021) found that students who receive hands-on training are more likely to identify and prevent cyber threats effectively.
By implementing these evidence-based measures, Pakistan can cultivate a cyber-aware generation equipped with the skills necessary to counter modern cyber threats. These strategic initiatives will not only enhance national cybersecurity but also contribute to a more secure digital ecosystem for Pakistan’s citizens and institutions.
Concerns over cyber risks and stolen digital identities have significantly transformed Pakistan’s cybersecurity landscape in recent years. Demonstrating its commitment to combating cybercrime and protecting digital identities, Pakistan has established the NR3C and implemented PECA 2016. Notably, the country has also emphasized multilateral cooperation and active participation in global cybersecurity initiatives. Through proactive development of cyber-defense capabilities, Pakistan has the potential to set an example for other nations in addressing cyber threats and safeguarding digital identities.

The writer holds an MPhil degree in International Relations from National Defense University, Islamabad. 
E-mail: [email protected]

References
• Ali, Ahmad. 2024. “Cyber Security – Imperative for Pakistan’s Digital Landscape.” Pakistantoday.com.pk. September 6, 2024. https://www.pakistantoday.com.pk/2024/09/06/cyber-security-imperative-for-pakistans-digital-landscape/. 
• APP. 2024. “Pakistan Urges UN Led Cyber Capacity Building.” The Express Tribune. May 13, 2024. https://tribune.com.pk/story/2466321/pakistan-urges-un-led-cyber-capacity-building. 
• APP. 2024. “Pakistan Ranked among Top Countries in Cybersecurity, Says IT Minister.” DAWN.COM. October 31, 2024. https://www.dawn.com/news/1868801. 
• “Cyberwarfare Is Shifting the Nature of Indo-Pak Conflict in South Asia.” n.d. https://ipripak.org/cyberwarfare-is-shifting-the-nature-of-indo-pak-conflict-in-south-asia/. 
• Editorial. 2020. “Virtual Crimes.” The Express Tribune. July 20, 2020. https://tribune.com.pk/story/2255868/virtual-crimes. 
• “National Response Centre for Cyber Crime.” n.d. www.nr3c.gov.pk. https://www.nr3c.gov.pk/about_us.html. 
• “Pakistan’s Cybersecurity Challenges: A Complex Digital Landscape - Strafasia | Strategy, Analysis, News and Insight of Emerging Asia.” 2019. Strafasia | Strategy, •Analysis, News and Insight of Emerging Asia. 2019. https://strafasia.com/pakistans-cybersecurity-challenges-a-complex-digital-landscape/. 
• PKCERT. 2024. “PKCERT - the National CERT of Pakistan.” Pkcert.gov.pk. 2024. https://pkcert.gov.pk/events/gci-index-2024.asp. 
• PKCERT. 2025. “PKCERT - the National CERT of Pakistan.” Pkcert.gov.pk. 2025. https://pkcert.gov.pk/images-gallery/collaboration-efforts-on-cybersecurity-with-foreign-diplomats-from-brotherly-countries.asp. 
• “Prevention of Electronic Crimes Act, 2016.” n.d. pakistancode.gov.pk.  https://pakistancode.gov.pk/english/UY2FqaJw1-apaUY2Fqa-apaUY2Jvbp8%253D-sg-jjjjjjjjjjjjj.
• Salman, Dr Aneel. 2024. “Global Cybersecurity Index Pakistan S Rise and Challenges Ahead.” The Express Tribune. October 6, 2024. • https://tribune.com.pk/story/2500995/global-cybersecurity-index-pakistans-rise-and-challenges-ahead. 
• Dawn. 2024. “Call for Stronger Cooperation among OIC-Member States to Counter Cyber Threats.” DAWN.COM. December 18, 2024. https://www.dawn.com/news/1879374. 
•“The Developing Cybersecurity Framework in Pakistan.” n.d. www.ibanet.org. https://www.ibanet.org/Developing-cybersecurity-framework-in-Pakistan.