Cybersecurity in Nepal: Challenges, Progress, and Future Strategies

In the age of rapid digitalization, cybersecurity has emerged as a critical concern for Nepal, a nation experiencing significant growth in internet connectivity and digital services. As Nepal embracesthe country adopts technologies like mobile banking, e-commerce, and e-governance, the need for robust cybersecurity measures to protect sensitive data and infrastructure has become paramount. However, Nepal faces unique challenges in securing its digital landscape due to limited resources, low cybersecurity awareness, and evolving cyber threats. This article explores the state of cybersecurity in Nepal, key challenges, recent progress, and strategies for building a secure digital future.

The Current State of Cybersecurity in Nepal

Nepal ranks 94th in the Global Cybersecurity Index (GCI) 2020, an improvement from its 106th position in 2018, reflecting growing commitment to cybersecurity. The GCI, published by the International Telecommunication Union (ITU), evaluates countries based on five pillars: legal measures, technical measures, organizational measures, capacity development, and cooperation. Nepal scored 44.99 out of 100, indicating room for improvement, particularly in technical and organizational areas.

The rapid expansion of internet access, with over 80% of Nepal’s population online by 2025, has increased the risk of cybercrimes. From phishing scams to sophisticated ransomware attacks, Nepal’s digital infrastructure faces a range of threats. High-profile incidents, such as the 2017 hacking of 58 government websites by the group “Paradox Cyber Ghost” and the 2020 data breach at Vianet Communication affecting over 170,000 users, underscore the vulnerabilities in Nepal’s digital systems.

Major Cybersecurity Challenges in Nepal

1. Lack of Awareness and Education

A significant challenge in Nepal is the low level of cybersecurity awareness among individuals and organizations. Many users fall victim to phishing attacks, weak passwords, and outdated software due to a lack of knowledge about safe online practices. Small businesses and public organizations often lack the resources to implement robust cybersecurity measures, making them easy targets for cyberattacks.

2. Weak Digital Infrastructure

Over 80% of Nepal’s websites, including government and private sector platforms, operate on shared hosting servers with limited cybersecurity protections. These systems are vulnerable to attacks like SQL injection and Distributed Denial of Service (DDoS), which account for over 85% of documented cybercrimes in Nepal. The National Information Technology Centre (NITC), which hosts government websites, struggles with overcapacity risks during attacks.

3. Sophisticated and Organized Cybercrimes

Cybercrimes in Nepal have become increasingly sophisticated, with incidents like the 2017 NIC Asia Bank SWIFT system hack, where USD 4.4 million was intercepted, and the 2020 Nepal Electronic Payment System hack affecting 17 banks. Social media-related crimes, including cyberbullying, defamation, and sextortion, are also on the rise, with over 19,000 cybercrime cases reported in 2024 alone.

4. Policy and Regulatory Gaps

While Nepal has introduced policies like the Cyber Security Bylaw 2020 and the National Cyber Security Policy 2023, gaps remain in implementation and enforcement. The proposed National Internet Gateway in the 2023 policy has raised concerns about potential surveillance and internet freedom, drawing comparisons to restrictive measures in countries like China and Cambodia.

Progress in Nepal’s Cybersecurity Landscape

Despite these challenges, Nepal has made strides in strengthening its cybersecurity framework:

• Policy Development: The Cyber Security Bylaw 2020 mandates vulnerability assessments for mobile applications, ensuring safer digital services. The National Cyber Security Policy 2023 aims to enhance data confidentiality, integrity, and availability.
• Private Sector Initiatives: Companies like Eminence Ways, Vairav Tech, and Cynical Technology are providing cybersecurity services to businesses and government entities. Ethical hackers from Nepal, such as Sachin Thakuri and Prakash Sharma, have gained international recognition for identifying vulnerabilities in platforms like Facebook and Google.
• Cybercrime Investigations: The Nepal Police Cyber Bureau has registered over 16,000 cybercrime cases in the past four years, with daily complaints averaging 60–70. Efforts are underway to improve incident response and forensic capabilities, though resource constraints remain a hurdle.

Strategies to Strengthen Cybersecurity in Nepal

To build a resilient digital ecosystem, Nepal must adopt a multi-faceted approach to cybersecurity:

1. Public Awareness and Education

Investing in public education campaigns to promote safe online practices, such as using strong passwords and two-factor authentication, can reduce human-error-based breaches. Training programs for employees in both public and private sectors are essential to mitigate risks.

2. Robust Policy Framework

Nepal needs comprehensive cybersecurity laws that address emerging threats like AI-driven deepfakes and data breaches. Policies should balance security with digital rights, avoiding measures like the National Internet Gateway that could lead to surveillance. Strengthening the Electronic Transactions Act, 2063 (2008) to cover modern cybercrimes is critical.

3. Investment in Infrastructure

Adopting advanced technologies like firewalls, intrusion detection systems, and encryption is vital. Incentives for small and medium enterprises (SMEs) to invest in cybersecurity can enhance resilience. Upgrading the NITC’s infrastructure to handle DDoS attacks and SQL injections is a priority.

4. International Collaboration

Partnering with countries that have advanced cybersecurity frameworks can provide Nepal with best practices and access to cutting-edge defense mechanisms. Collaboration with international organizations like the ITU can further bolster capacity development.

5. Strengthening Incident Response

Enhancing the capabilities of the Nepal Police Cyber Bureau and establishing computer emergency response teams (CERTs) in all seven provinces can improve response times to cyber incidents. Training specialized personnel and equipping forensic labs are essential steps.

The Role of Individuals and Organizations

While government and institutional efforts are crucial, individuals and organizations play a significant role in cybersecurity:

• Use Strong Credentials: Adopt complex passwords and two売factor authentication to secure accounts.
• Regular Updates: Keep software and systems updated to patch vulnerabilities.
• Vigilance Against Phishing: Avoid sharing sensitive information via unsolicited emails or calls.
• Ethical Hacking: Encourage ethical hacking to identify and fix vulnerabilities in systems.

As Nepal embraces digital transformation, cybersecurity remains a cornerstone of national security, economic stability, and personal privacy. While progress has been made, challenges like limited awareness, weak infrastructure, and evolving cyber threats persist. By prioritizing education, robust policies, infrastructure investment, and international collaboration, Nepal can build a secure and resilient digital ecosystem. Individuals, businesses, and the government must work together to ensure that Nepal’s digital future is safe and sustainable.

For more information on cybersecurity initiatives in Nepal, visit the Nepal Telecommunications Authority or explore resources from Digital Rights Nepal.