Shafaqna Pakistan | by AK Haq- When Pakistan’s politicians and state officials discuss online threats, the conversation almost always turns to policing digital content countering fake news, regulating speech, and tightening control over social media platforms. Far less attention is paid to the far more dangerous and fast-growing threat: Cyberattacks, data breaches and identity theft that put millions of Pakistanis at risk.
This imbalance is troubling, especially when global cybersecurity firm Kaspersky estimates that Pakistan faces nearly one million cyberattacks every month, targeting government networks, intelligence agencies, the oil and gas sector and major corporations. These attacks are not speculative risks; they are ongoing, widespread and increasingly sophisticated, yet remain overshadowed by the state’s preoccupation with regulating online discourse.
Last week brought a long-overdue development: the government finalised the initial draft of the Cybersecurity Act 2025, sending it to stakeholders for consultation, and announced the creation of a Cybersecurity Authority. This body will be responsible for proposing and implementing cybersecurity measures for critical national infrastructure, including NADRA, the FBR, the telecom sector, and now immigration and passport systems.
Given the scale of cyber threats and their implications for national security, economic stability and the privacy of citizens, these reforms should have been initiated years ago.
The urgency is underscored by recent incidents. In May, the National Cyber Emergency Response Team (PKCERT) issued an alarming advisory: login credentials and passwords of over 180 million Pakistani internet users had been compromised in a massive global data breach.
A few months later, in September, the PTA blocked more than 1,300 websites, social media pages, and apps that were openly selling leaked citizen data. Such events highlight the fragility of Pakistan’s digital ecosystem and the growing market for stolen identities and sensitive information.
Speaking at a university event in Islamabad last week, the IT minister said Pakistan aims to shift toward AI-driven cybersecurity, improved cloud security under the Cloud-First Policy and more secure digital identity systems. If backed by sufficient resources and political will, the new cybersecurity act and authority could accelerate the adoption of these tools.
Yet the threat landscape is evolving even faster. Hackers now have access to powerful, decentralised technologies that make attacks easier to launch and harder to trace — and they operate across borders with almost complete impunity.
Strengthening cybersecurity infrastructure is essential, but these measures are mostly defensive. The more difficult challenge lies in actively pursuing and prosecuting cybercriminals, especially when some hacker groups are supported by hostile intelligence agencies and governments. Given Pakistan’s tense regional environment particularly with India this risk cannot be ignored.
At the same time, discussions around cybersecurity in Pakistan often run parallel to growing digital restrictions and shrinking online freedoms. Laws like PECA have already been used to curb expression, raising concerns that future cybersecurity reforms might also be leveraged to enable further state control rather than genuine protection.
Pakistan faces a difficult race: the state must build stronger digital defences faster than hackers develop new methods to break them. But hackers suffer little when they fail, they adapt and try again. The state, meanwhile, must find ways to stay ahead without compromising civil liberties or shutting down civic space online. For ordinary citizens, the problem is painfully familiar.
The government is quick to police what people say, post or view online, yet struggles to protect them from real digital crimes like data theft or identity fraud. It mirrors real-world policing: the authorities might issue an e-challan within minutes, but cannot always prevent a vehicle from being stolen.
If Pakistan is moving toward greater digital policing, then at the very least, its people should be safer for it. Until cybersecurity is treated with the seriousness it deserves, millions of Pakistanis will remain vulnerable not because of what they say online, but because the system fails to protect them.
Source: Shafaqna Pakistan
Note: Shafaqna do not endorse the views expressed in the article