A recent Senate Standing Committee on Interior hearing in Pakistan has highlighted significant worries about the inadequate state of cyber security in the country, particularly within crucial government bodies like NADRA and the Federal Board of Revenue (FBR). Lawmakers expressed alarm over repeated cyber breaches leading to the exposure of citizens’ sensitive personal data, indicating substantial failures in data protection. Senator Afnanullah Khan emphasized the deep-rooted structural weaknesses in Pakistan’s cyber security system, suggesting possible insider involvement or negligence in the frequent data theft from official databases.
The situation extends beyond government departments, with private sector entities such as banks, telecom companies, and digital platforms also facing vulnerabilities to hacking and data breaches. Many organizations still rely on outdated security systems and lack efficient mechanisms to promptly address breaches. Cybercriminals are employing advanced tactics like automated attacks and social engineering to profit from stolen information on a large scale by combining data from various sources.
Despite the escalating risks, cyber security is not accorded high priority in governance or business in Pakistan. Experts point out the absence of substantial long-term investments, stringent enforcement, and accountability, leaving both public and private sectors exposed in an increasingly hostile digital environment. The lack of a comprehensive data protection law in Pakistan further compounds the issue, with no legal mandate for organizations to invest in cyber security infrastructure or prepare for cyber threats like hacking and online fraud.
The absence of a robust cyber security framework is particularly concerning as Pakistan pushes for digitalization through initiatives like the Digital Nation Pakistan Act. However, critics caution that the rapid digitalization drive lacks adequate safety measures, creating centralized data pools that are susceptible to cyber attacks. Observers stress the critical need for strong and regularly updated cyber security systems to accompany any digital platform expansion, highlighting the vulnerability of public and private systems to cyber threats due to inadequate security measures.
