The Government of Nepal has taken a significant step towards strengthening its cybersecurity and protecting its IT-related materials and equipment by releasing advisory notes. This move highlights the country’s growing awareness of its vulnerabilities and the importance of cyber safety.
Nepal, a landlocked nation in South Asia, has rapidly adopted the IT revolution, with over 90% of its population having internet access by mid-2024. The number of internet users has increased dramatically, from 35,000 in 2000 to over 30 million. While this expansion has brought numerous benefits, including e-commerce, mobile banking, and e-governance, it has also made Nepal more susceptible to cyberattacks.
The country has faced several high-profile cyber incidents, including the 2017 hack of 58 government websites and a Distributed Denial of Service (DDoS) attack in January 2023 that rendered 1,500 government websites inoperable. These incidents have exposed serious weaknesses in Nepal’s cybersecurity infrastructure.
According to the Global Cybersecurity Index, Nepal scored 44.99 out of 100 in 2020, ranking 94th out of 182 countries worldwide. The country’s cybersecurity landscape is characterized by a mixed bag of progress and challenges. While Nepal has made some improvements, it still lags behind regional rivals Bangladesh and India.
The Electronic Transactions Act of 2008 is the foundation of Nepal’s cybersecurity initiatives, but it has limitations in addressing modern concerns such as ransomware and advanced persistent threats. The National Cyber Security Policy was passed in August 2023, aiming to build a resilient cyberspace by establishing provincial Computer Emergency Response Teams and promoting digital literacy.
However, challenges persist, including corruption, capacity constraints, and connectivity issues. Corruption undermines cybersecurity efforts, and the country’s IT sector is plagued by scandals involving IT procurement. Capacity limitations are also a significant concern, with a shortage of qualified cybersecurity professionals.
Nepal can learn from global best practices, such as Estonia’s emphasis on cybersecurity training in schools and Singapore’s Cybersecurity Act. The country must prioritize public-private partnerships, capacity building, and modernizing its infrastructure to strengthen its defenses.
The road ahead is fraught with challenges, including implementing the National Cyber Security Policy, preventing IT corruption, and addressing emerging risks such as AI-driven attacks and IoT vulnerabilities. However, with regional collaboration and a commitment to cybersecurity, Nepal can turn itself into a digital contender.
