In the fast-evolving digital landscape of Bangladesh, the rise of e-commerce and f-commerce (Facebook commerce) has transformed how businesses operate. However, the opportunities brought by this digital transformation also come with significant cybersecurity challenges. For micro, small, and medium enterprises (MSMEs) in Bangladesh, these challenges are particularly acute. A lack of awareness and preparedness leaves many businesses vulnerable to the messy and often devastating aftermath of cyberattacks.
The E-commerce and F-commerce Boom and Its Cybersecurity Challenges
Bangladesh has seen a significant rise in e-commerce and f-commerce in recent years. As more businesses embrace digital platforms, from Facebook-based sellers to full-fledged e-commerce websites, the market continues to expand. However, this growth has come at a price. MSMEs, which make up a significant portion of the economy, are increasingly targeted by cybercriminals. Over 92% of MSME entrepreneurs lack awareness of basic cybersecurity measures, and 40% of them have already fallen victim to cyberattacks.
For many small businesses, a single cyberattack can have catastrophic consequences. Phishing attacks, ransomware, and other forms of cybercrime not only disrupt operations but can also result in financial losses, reputational damage, and the loss of customer trust. In one alarming case, a Bangladeshi entrepreneur’s website was hacked by a foreign cybercriminal, showcasing the global nature of these threats.
Recent Incidents and The Urgency of Action
Recent cybersecurity incidents in Bangladesh, both in government and non-government sectors, underscore the urgency of addressing these challenges. The rise of cyber-dependent crimes, where criminals exploit digital infrastructure, has created a new frontier of criminal activity. MSMEs are particularly vulnerable because many lack the resources and expertise to defend against sophisticated cyber threats.
For instance, cases involving unauthorized system access, data theft, and ransomware attacks have been on the rise. These incidents reveal the fragility of the digital commerce infrastructure in Bangladesh. Given that MSMEs are a critical part of this infrastructure, their vulnerability poses a risk not only to individual businesses but to the broader economy. As highlighted during the recent “Policy Dialogue on MSME Digital Security and Data Protection Challenges” organized by Inspira and SARDI, the lack of a comprehensive cybersecurity framework leaves businesses exposed to these growing threats.
Impact of Political & Economic Shifts
Amid these challenges, Bangladesh recently experienced a significant political transition with the installation of an interim government. Historically, these governments have played a pivotal role in overseeing key administrative functions during election periods, including economic and policy oversight. The current interim administration took office at a crucial time when cybersecurity challenges in the digital commerce sector are peaking. However, the progress in addressing these challenges has been mixed.
The previous government had already laid the groundwork with the introduction of laws like the Digital Commerce Act 2023, Cybersecurity Act 2023, and Personal Data Protection Act 2023. These laws were intended to provide a stronger framework for protecting digital businesses from cyber threats. Yet, the gaps in these laws remain significant, and many critical regulations still lack the necessary clarity for effective enforcement.
Since taking office, the interim government has been slow to address these policy gaps. While there have been promises of continuing the legislative agenda set by the previous administration, concrete actions have been limited. For example, critical amendments to the Cybersecurity Act and clearer guidelines on data protection—issues repeatedly raised by business leaders and cybersecurity experts—are still awaiting finalization. This delay has left businesses, particularly MSMEs, in a state of uncertainty regarding their legal responsibilities and protections when it comes to cybersecurity.
Moreover, the interim government has not yet initiated any significant national cybersecurity awareness campaigns targeting MSMEs. Such campaigns, which were part of the recommendations from cybersecurity experts and stakeholders, are essential to bridge the vast knowledge gap that leaves businesses vulnerable.
Steps for Businesses to Address Cybersecurity Challenges
- Increase Awareness and Education: A key recommendation from cybersecurity experts is that MSMEs must prioritize education and awareness. Businesses need to understand the basic principles of cybersecurity, including the importance of strong passwords, two-factor authentication, and regular software updates. Government and private sector initiatives must continue to offer training sessions and workshops to bridge the current knowledge.
- Adopt Basic Cybersecurity Practices: Small businesses should start by implementing straightforward measures. Installing antivirus software, conducting regular system backups, and ensuring secure payment gateways are critical steps that can mitigate many common cyber threats. Even simple actions, like training employees not to click on suspicious links, can prevent phishing attacks that often target MSMEs.
- Utilize Government and Private Sector Support Services: The South Asian Regional Digital Initiative (SARDI) has set up a support desk specifically to help MSMEs navigate cybersecurity issues. With over 400 requests handled so far, including cases of cyber-dependent crimes, this service offers an invaluable resource for businesses in need of cybersecurity assistance. Businesses should take advantage of such services and collaborate with cybersecurity experts to improve their defenses.
Role of the Interim Government and Policy Makers
The interim government of Bangladesh must prioritize addressing gaps in the country’s cybersecurity framework to protect its growing e-commerce and f-commerce sectors. Building on the Digital Commerce Act 2023, Cybersecurity Act 2023, and Personal Data Protection Act 2023, the government must refine these laws to offer clearer guidance for businesses, particularly MSMEs, which remain highly vulnerable to cyber threats. Amendments to the Cybersecurity Act should clarify compliance requirements, while the Personal Data Protection Act needs to better define data classification and storage standards to avoid confusion.
Public-private collaboration is essential. The government should facilitate workshops and task forces that bring together policymakers, industry leaders, and cybersecurity experts to address evolving threats. Public awareness campaigns focused on raising cybersecurity literacy among businesses and fostering the use of AI-driven security tools can further strengthen defenses. Incentivizing private sector investments in cutting-edge technologies, such as AI for real-time threat detection, will ensure businesses stay ahead of increasingly sophisticated cybercriminals.
To support MSMEs, the government needs to expand access to cybersecurity training programs and establish a centralized support desk for real-time guidance on managing cyber threats. Financial incentives for adopting cybersecurity tools would encourage small businesses to improve their digital defenses. Additionally, continuous monitoring and adaptive regulatory responses are critical to ensuring policies keep pace with the rapidly evolving nature of cybercrime.
A Unified Approach to Cybersecurity
Cybersecurity is not just the responsibility of businesses or the government alone—it requires a unified approach involving multiple stakeholders. For MSMEs in particular, collaboration is key. Business owners, policymakers, and cybersecurity professionals must work together to create a more secure digital ecosystem. This includes establishing clear incident response protocols and ensuring that MSMEs have access to affordable cybersecurity tools and services.
Furthermore, businesses should be encouraged to share information about cyber threats and vulnerabilities through a national cybersecurity platform that can provide learning tools, live support, training programs, suggest regulatory updates based on technological advances, and an emergency helpline in case of local and transnational cyber attacks. By fostering an environment of collaboration and shared learning, the entire sector can become more resilient to cyberattacks.
Conclusion
As Bangladesh’s digital economy continues to grow, so too does the threat of cyberattacks. For businesses, the messy aftermath of a cyberattack can be difficult to navigate without proper preparation and support. By increasing cybersecurity awareness, adopting basic protective measures, and leveraging government and private sector resources, businesses can better protect themselves from these threats. At the same time, the interim government must prioritize closing policy gaps and ensuring that businesses have the legal clarity and support they need. Only by working together can businesses find relief from the ever-present risks of cyberattacks and build a more secure digital future.