As Cambodia continues its journey of digital transformation, the ASEAN Digital Masterplan 2025 (ADM 2025) serves as a crucial guide for navigating the complexities of cybersecurity and trust in digital services.
The plan outlines critical steps that Cambodia, alongside other ASEAN nations, must take to build a secure, inclusive and competitive digital economy.
“In this context, Cambodia faces both challenges and opportunities as it strives to enhance its digital infrastructure, foster trust in digital services and align with regional standards,” the ADM 2025 states.
One of the core objectives of the master plan is to build trust in digital services across critical sectors such as finance, healthcare, education and government.
For Cambodia, this means developing robust security mechanisms tailored to these industries. These frameworks include unified certification approaches and the establishment of dedicated security response teams capable of managing potential risks and swiftly responding to cybersecurity incidents.
In comparison to some of its ASEAN counterparts, Cambodia is still in the early stages of implementing comprehensive cybersecurity measures.
“Countries like Singapore and Malaysia have made significant strides in establishing advanced cybersecurity frameworks and response teams, positioning themselves as leaders in digital security within the region,” the ADM 2025 states.
However, the country is taking essential steps to catch up, with efforts underway to develop industry-specific security protocols that are crucial for building trust among users and fostering the broader adoption of digital services. This is closely linked to the implementation of cybersecurity best practices and digital data governance.
The ADM 2025 emphasises the importance of these practices in mitigating the direct impact of data breaches on businesses and consumers.
By prioritising these measures, the country aims to create a secure digital environment that encourages trust and confidence among its citizens and businesses.
The plan states, “While Cambodia is making progress, it still has considerable ground to cover compared to regional leaders like Singapore, which has already implemented comprehensive data protection laws and cybersecurity frameworks.”
Regional collaboration
Cambodia has also made significant strides in strengthening regional collaboration on cybersecurity within the ASEAN framework.
The establishment of a regional Computer Security Incident Response Team (CSIRT) is a pivotal initiative aimed at promoting security best practices across sectors.
“This regional coordination enhances Cambodia's capacity to address cybersecurity threats effectively, benefiting from shared knowledge and resources within the ASEAN community,” according to the plan.
However, the country’s collaboration efforts, while promising, need to be bolstered by more robust national initiatives.
The plan states that compared to Thailand and Indonesia, which have more established cybersecurity coordination mechanisms, Cambodia must enhance its national cybersecurity infrastructure to fully leverage regional collaboration.
This includes improving the capacity of local cybersecurity teams and ensuring that they are well-integrated into regional networks.
Harmonising data protection and privacy regulations across ASEAN is another crucial aspect of the master plan.
For Cambodia, aligning its standards with global mechanisms such as the General Data Protection Regulation (GDPR) is vital for facilitating cross-border digital trade.
The country’s journey toward stronger data protection will require not only the adoption of new laws but also the development of enforcement guidelines and public awareness campaigns to ensure compliance and build public trust.
With four internet exchange points (IXPs), Cambodia is making moderate progress in enhancing the quality of digital services and cybersecurity by allowing local traffic exchange within the country.
However, the number of IXPs is notably fewer than those in Indonesia (21) and Thailand (13), indicating that there is still considerable room for improvement.
The presence of DNS Anycast servers in Cambodia, similar to those in Thailand, Malaysia, Singapore, the Philippines, and Indonesia, is a positive development. DNS Anycast is a network routing method that directs user requests to the nearest available server, reducing latency and improving load times.
This method also enhances resilience against Distributed Denial-of-Service (DDoS) attacks by distributing traffic across multiple servers. The implementation of these servers signals the country’s commitment to improving digital service resilience, although further investments in infrastructure are needed to match the capabilities of more advanced ASEAN nations.
One of the country’s most pressing challenges is increasing digital service usage among its population.
“With only 34 per cent of the population using the internet, Cambodia lags significantly behind countries like Malaysia (80 per cent) and Singapore (84 per cent),” the plan states.
This low level of internet penetration highlights the need for greater efforts in building trust and expanding digital services, particularly in rural and underserved areas. Improving internet accessibility and affordability will be crucial for achieving this goal.
Another critical component of the country’s strategy is the development of digital identity systems.
“Currently, Cambodia has achieved 89 per cent coverage among adults for its foundational ID system,” according to ADM 2025, “however, this still lags behind countries like Malaysia, which boasts 100 per cent coverage with a fully digitised ID system.”
The development of digital ID systems is crucial for enabling secure and trusted online transactions, a key driver of economic growth in the digital age, as per the master plan.