As Bhutan embraces rapid digital transformation, concerns about the safety of personal information are becoming increasingly urgent. With more citizens relying on mobile banking, online services, and digital platforms, questions are emerging about whether sensitive data may already be exposed—and whether the country is fully equipped to counter evolving cyber threats.
These issues dominated discussions at Bhutan’s first-ever Governance, Risk, and Compliance (GRC) conference, where policymakers and cybersecurity experts gathered to examine the nation’s preparedness in an increasingly connected world.
The expansion of digital services has brought convenience, but it has also widened the door to potential risks. Everyday online activities—such as responding to advertisements or sharing personal and organisational information—can unknowingly expose users to cyber vulnerabilities.
Experts stress that, while the threat landscape is becoming more complex, basic precautions remain one of the most effective lines of defence. Just as individuals safeguard physical assets—like keeping house keys secure or protecting ATM PINs—the same level of caution must be applied in the digital realm.
Cybersecurity specialist Deepesh Chitroda highlighted that simple, low-cost measures can significantly enhance online safety. Strong passwords, combined with additional security layers such as multi-factor authentication (MFA), are critical tools. Features like one-time passwords (OTPs) and verification steps on platforms such as email and cloud services provide an added shield against unauthorised access.
However, experts caution that Bhutan’s current approach to cybersecurity must evolve. As digital adoption accelerates, relying solely on compliance measures or policies on paper is no longer sufficient. Instead, there is a growing need for robust systems and proactive strategies that can respond to emerging threats, particularly as artificial intelligence becomes more integrated into daily life.
Despite rising concerns, specialists note that fears around AI and data misuse are often overstated. While free digital tools may involve some level of data collection, paid or subscription-based services typically offer stronger protections, giving users greater control over their information, including the ability to delete it.
Bhutan has already taken steps to strengthen its cyber defences. Initiatives such as the National Digital Identity system aim to enhance user verification and reduce fraud. Yet, experts agree that technology alone cannot guarantee safety.
Ultimately, individual behaviour remains a decisive factor. Responsible internet use, awareness of potential risks, and adherence to basic security practices are essential in safeguarding personal data.
As Bhutan continues its digital journey, the challenge will be to balance innovation with resilience—ensuring that progress does not come at the cost of security.
