Cyber threats entail malicious practices of computers and the internet used to hurt individuals, steal information, or strike strategic systems. Cyber terrorism occurs when terrorists apply such tools to evoke fear, destroy the infrastructure in a country, or attack the government. These threats are turning out to be a major concern for national security in Pakistan. As an example, the Federal Board of Revenue (FBR) experiences approximately 71,000 individuals annually attempting to crack into the data of the taxpayer. In 2023, NADRA and FIA discovered that approximately 2.7 million citizens’ data had been hacked, which outlines significant threats to personal data. The banks in Pakistan have not been spared either. Cyber-attack activity on the financial sector in 2024 increased by 114 per cent, as well as incidents such as hacking and online fraud. These events demonstrate the impact that cyber threats may have on national security, the level of trust among people, and the national economy.
Emerging Cyber Threats in Pakistan
Cyber terrorism operating on digital platforms, such as the spread of propaganda, recruitment of followers, and destabilisation of peace, is now used by extremist groups in Pakistan, such as TTP, ISKP, and separatists associated with Balochistan. They use social media, Telegram, TikTok, and encrypted messaging services to distribute AI-generated videos, deepfake productions, and they also distribute specific chatbots to cause discord as well as to seduce the youth. They aim to influence the minds, advance their agendas, and organise internet hate campaigns with the new methods, such as using the TikTok algorithm as a weapon and AI-based psychological operations.
The second key threat is the state-sponsored attacks, which are difficult to track down, yet they are likely to be directed at useful servers like government websites, tax records, and financial servers. Large-scale data breaches have also been experienced in Pakistan, such as the 2025 leak of a database of more than 180 million logins to user accounts in the government, banking, and healthcare sectors. Fake news and online rumours by cybercriminals have become a common threat as it is being used to undermine society and erode trust in key infrastructure networks such as energy, telecommunications, and transport networks through disinformation.
Cyber-Security Challenges in Pakistan
Pakistan does not have a sufficient number of trained cyber professionals and digital forensics experts. There is a shortage of people in educational institutes and government departments to fill up the vacancies, and this makes investigation and response to incidents slow and incomplete. Efforts through awareness programs by PKCERT and PTA are becoming effective, but the edge is still there: the report by Pakistan Cyber Security Policy 2021 announces, that, “Pakistan does not have an indigenous national ICT and Cyber Security industry and, in the absence of this, the country is dependent on imported hardware, software, and services”, which makes building local abilities more difficult.
Pakistan is legally and organizationally fragmented as far as cybersecurity is concerned. Although the PECA 2016 law has been an important milestone, it is characterised by imprecise provisions, and the lack of strong implementation frameworks and means without which the judiciary and law enforcement often cannot arrive at optimum implementations of the law. The Cybercrime Wing of GoP-FIA, PTA, PKCERT, NCCIA, NCCS, and others have very inadequate coordination and data sharing mechanisms. In the meantime, the mass audience is poorly informed: although more people are using the internet, internet literacy is low, and this increases the risk of ransomware, phishing, and identity theft. Also, extensive use of imported technology raises foreign security concerns and possible back doors.
Pakistan`s Cyber-Security Measures
The Cyber Security Policy 2021 issued in Pakistan is designed to establish a capable national cyber defence by having a set of well-defined objectives, developing governing bodies, and identifying incident response measures. The policy approved in July 2021 established a Cyber Governance Policy Committee to manage government and critical sector cybersecurity, and called for the establishment of Computer Emergency Response Teams (CERTs) and Security Operations Centres (SOCs). Nevertheless, slow work has been performed as the law has already been established, and active forensic labs have not been created yet, and not all the SOCs are fully functioning.
Pakistan possesses some important institutions that deal with cybercrime. In 2007, a National Response Centre for Cyber Crime (NR3C) was established within the FIA, which investigates and carries out forensics, digitally providing services in mobile forensics, audio video, forensics, education and training, dealing with thousands of cases and carrying out broad-reaching awareness programs. Cases of cybercrimes are now nationwide and handled by the newly formed National Cyber Crimes Investigation Agency (NCCIA) (since May 2024). As part of PECA and Cyber Policy 2021, the Pakistan Telecommunication Authority (PTA) announced its National Telecom Security Operations Centre (NTSOC) to keep track of the safety of its telecom infrastructure. The National CERT (PKCERT) can be recognised as the agency launched in March 2024 that coordinates responses to cyber incidents across the public agencies. Citizens can also report cybercrimes through portals, helplines such as 1991, and through FIA cybercrime hotlines.
Conclusion
The best course of action that Pakistan can take to curb increasing cyber threats is to embrace a futuristic and wholesome cybersecurity approach. Enforcing new legislation such as PECA, developing a central cyber command, and the influx of a competent workforce should be prioritised. It is also crucial to establish a trusting relationship between the government and corporations to develop innovative interaction and sharing of the threats. Cyber hygiene public awareness campaigns, as well as regional and international collaboration by CERTs and exercises, can also complement defences. The digital future of the nation in an increasingly connected world is dependent on a whole-of-nation approach that should be instilled through a high degree of political will and continued investment.































