Security of Growth: Why 2025 Became a Point of No Return for Cybersecurity in Uzbekistan

Tashkent, Uzbekistan (UzDaily.com) — Today, businesses in Uzbekistan face an invisible yet formidable adversary: a large-scale wave of cybercrime fueled by digitalization and explosive economic growth.

The country’s drive for innovation, state programs, influx of investments, and a young population make Uzbekistan an attractive hub for IT projects—and, consequently, a target for cyberattacks.

Experts from Softline, Konstantin Melnikov and Ilkhom Begmatov, explain why cybersecurity in Uzbekistan is no longer just an “industry” concern but a matter of survival and competitiveness for any business. The old approach of “trust but verify” has long been replaced by a Zero Trust strategy.

The Digital Leap and Its Flip Side: Challenges of the New Economy

In Uzbekistan, digitalization outpaces cybersecurity maturity. This mismatch is a major risk that cannot be addressed through checklists—it requires a new level of management, education, investment, and cybersecurity culture.

The ICT sector has grown rapidly, reaching 43.8% by 2024: new fintech startups, venture investments, 89% internet penetration, and IT service exports approaching $1.2 billion.

At the same time, the country faces an exponential rise in cybercrime—over 68 times in the past five years. In 2024, cybercrimes accounted for 44% of all registered criminal cases—almost half. For businesses, this is not a distant problem: every data breach or system failure translates into direct losses, reputational damage, operational disruption, and sometimes criminal liability.

An economy built on trust in digital services demands fundamentally new approaches to protection. The banking sector, government services, energy, and retail have all become prime targets for hackers and fraudsters. Sixty percent of attacks target finance and digital payments, while 16% involve social engineering via mobile services. In 2024 alone, financial losses from cybercrime exceeded $58 million, with the majority stemming not from hacking but from human-factor issues: phishing, deepfakes, fake bank calls, and credit fraud.

In late August 2025, the Central Bank of the Republic of Uzbekistan issued minimum cybersecurity requirements for financial organizations. A key innovation mandates that banks continuously monitor external information sources online to detect any attempts to misuse their brand, logos, or reputation.

The guidelines explicitly list common threats: phishing sites, fake domains, fraudulent accounts on social networks, messengers, and marketplaces, even counterfeit apps in popular stores. Risks also include scam emails and SMS, trademark misuse, and dissemination of false or discrediting information. In such cases, financial organizations must notify the Central Bank and the relevant inspection authority within 24 hours and publish the information through official channels.

Effectively, the regulator recommends that all financial sector players implement modern Digital Risk Protection (DRP) solutions that monitor the external digital environment in real time and respond promptly to phishing, fakes, or reputational attacks.

This approach not only reduces risks for banks but also builds a new level of trust with clients, business partners, and the market. Such strategies could serve as a model for other sectors where reputation is a strategic asset.

Early detection of external threats—phishing sites, fake apps, or false information posing as official sources—has become critical. Monitoring allows rapid response to incidents and often prevents their escalation, minimizing damage to businesses and clients.

Modern DRP platforms, such as CyberDef, combine expert methodologies and automated threat detection technologies. They allow companies to minimize both reputational and financial risks while complying with regulatory requirements.

Evolving Threats in a Rapidly Changing Technical Landscape

The advent of 5G, IoT, cloud services, and widespread AI development creates hundreds of new vulnerabilities, with cybercriminals quickly adopting AI to mask attacks and generate malware.

Responding with old methods is a losing strategy. Businesses that do not deploy AI-based incident detection and analysis tools, train staff, or conduct regular penetration testing are guaranteed to remain vulnerable.

The Cybersecurity Market: Immense Potential Amid Tough Barriers

Uzbekistan’s cybersecurity market is among the fastest-growing in the world, expanding 25–30% annually (compared to 9–13% globally) and potentially tripling to $1–1.2 billion by 2027. This growth brings opportunities for both international and local players, startups, and partnerships.

Challenges remain: the country has fewer than 1,000 certified experts, corporate solutions require significant investment, and frameworks for cooperation between government, business, and industry associations are still developing.

Raising digital literacy is a key priority. Seventy percent of SMEs acknowledge that they do not implement modern cybersecurity systems due to cost and complexity—but these SMEs are the easiest targets. Simple cloud services, MSSP (Security as a Service), staff training, and supported package solutions are not luxuries—they are must-haves for any company aiming to grow safely.

The state is accelerating regulation: new cybersecurity laws, stricter liability for incidents, mandatory data localization, SOC centers, and startup support are all being introduced. Developing a national strategy, interagency councils, and transparent staffing programs is still ongoing.

Within the next 2–3 years, 100% of state customers will require compliance with new laws, including mandatory incident compensation and anti-fraud systems. The financial sector, retail, transport, and public services will face the strictest requirements.

Five Strategies for Business Survival and Growth in the Digital Era

Invest in people. Building human capital is paramount. Companies that implement cybersecurity literacy programs and train both IT staff and frontline employees can minimize vulnerability to human-factor risks. Employees are the first line of defense, not the weakest link.

Adopt cloud and MSSP solutions. SMEs often cannot maintain robust in-house cybersecurity infrastructure. Managed and cloud-based services provide cost-effective, scalable protection, allowing businesses to focus on growth.

Implement AI and automation. Modern SOC, XDR, and SIEM solutions with AI capabilities analyze vast amounts of data in real time, detect anomalies, and block attacks before damage occurs. This is no longer futuristic—it’s essential for survival.

Build a Zero Trust strategy. The “trust but verify” approach is outdated. Zero Trust architecture assumes no implicit trust—every device and user is verified, with micro-segmentation and continuous monitoring, complicating attacks and improving transparency.

Engage in industry alliances. Businesses cannot face threats alone. Professional communities and alliances enable information sharing, collaborative projects, and dialogue with regulators, fostering truly effective and adaptive cybersecurity strategies.

Uzbekistan has already become an IT and investment magnet. Only those prioritizing security will protect their business and lead Central Asia’s new digital future.

Looking Ahead: Business-State Synergy

By 2028, companies that restructure their processes and culture today will become engines of growth and trust. With each incident potentially threatening operations, only a comprehensive, long-term, and collaborative approach can turn cybersecurity from a cost center into a competitive advantage.

Uzbekistan has entered a new stage of development: businesses must keep pace with challenges, focusing on cybersecurity, while the country has a unique opportunity to develop digital services and protection in tandem, creating an environment where innovation drives safe and confident growth.

It is time to invest not just in hardware, but in minds, processes, and synergy. Verify, don’t just trust—and your business in Uzbekistan will not just survive but set an example for the region.

Authors: Konstantin Melnikov and Ilkhom Begmatov, Softline