EDITORIAL: In recent years, Pakistan has seen rapid advancements in digitalisation of its economy, with the financial services sector in particular evolving at an unprecedented pace.
As a recent report by the Asian Development Bank (ADB) on enhancing financial inclusion notes, a key game changer has been the rise of mobile and branchless banking, which has granted financial access to previously unbanked populations.
The government is also accelerating efforts to digitise operations in the public sector, including that of the FBR, the judiciary, and through legislative measures like the Digital Nation Pakistan Bill, it is aiming for a paperless governance ecosystem, with a focus on digitising public services.
The serious concern here is that these advances lack a parallel development in robust data protection laws, leaving digital systems vulnerable to cyber threats and data breaches, and making data security a critical challenge for Pakistan.
As the ADB report notes, despite progress in digital financial services, only 21 percent of Pakistani adults have access to bank accounts or mobile money providers. Given this, it has urged the government to expand digital finance through further enhancing mobile money avenues, encouraging merchants to adopt digital payments and establishing digital ID systems to facilitate digitalisation of services like tax payments.
However, it must be kept in mind that such far-reaching measures demand advanced digital infrastructure, expanded technical capacities and public trust in the benefits of digital transformation. Given the scale of expansion needed, it is imperative that the protection of digital assets and data security become foundational pillars of the digital economy.
What Pakistan needs, therefore, is a comprehensive legislation that ensures the protection of personal and financial data, while mandating investments in cyber security infrastructure, including anti-hacking measures and mechanisms to counter digital crimes, identity theft and financial fraud.
Such a regulatory framework must require all entities transitioning to digital platforms to have the necessary infrastructure and expertise to safeguard sensitive data against all manner of digital threats. It must also take into account that ensuring cyber security is not a one-time investment; it is a continuous battle. The law must require that security measures and digital capacities be constantly upgraded in response to the evolving nature of cyber threats.
Moreover, an autonomous regulatory authority that ensures the effective implementation of data protection laws is also essential. This body must be led by experts in data security, who understand the specific challenges faced by both government institutions and private enterprises.
The outdated practice of appointing career bureaucrats, who may lack the technical expertise required for such a critical role must be abandoned in favour of professionals with proven knowledge and experience in cyber security and digital governance.
Without such a dedicated regulatory framework, the risks associated with digital expansion could undermine its very benefits. This is highlighted by the Kaspersky IT Security Economic report, which revealed that in 2024, 71 percent of Pakistani businesses experienced network infiltration attempts, with a surge in phishing, ransom ware and DDoS attacks.
Disturbingly, far from mitigating cyber security vulnerabilities, governmental actions have, in many ways, exacerbated them.
Throttling internet speeds and attempts to restrict VPN access, for instance, have heightened digital security risks – hindering real-time threat detection, disrupting encrypted communications, undermining online privacy and securing of sensitive data, and ultimately making systems more vulnerable to cyber attacks.
Such measures erode public confidence, and slow the shift to a digital economy by discouraging the adoption of digital services.
Authorities must realise, therefore, that securing the digital landscape is key to economic digitalisation, but achieving this demands a shift in the government’s approach to online technologies – prioritising privacy rights and robust cyber security measures over surveillance and controlling internet freedoms.
Without this, any regulatory framework to strengthen cyber security will be undermined by a fractured, contradictory digital outlook.
Copyright Business Recorder, 2025
Comments