Introduction: The Unfolding Digital Tally

Nepal stands at a critical juncture where rapid digital adoption clashes fiercely with systemic unpreparedness. The country has embraced the Information Technology (IT) revolution with remarkable speed; the expansion of internet access now covers over 90% of the population, leading to a substantial growth in e-governance, mobile banking, and e-commerce.¹ This shift has dramatically improved convenience but has simultaneously created a vast, unprotected digital frontier, culminating in a demonstrable crisis of systemic fragility.

The national cybersecurity posture is fundamentally unstable, a reality underscored by the most recent figures. The Cyber Bureau of Nepal Police registered 18,926 cybercrime cases during the last fiscal year (FY 2024/25), translating to an average of approximately 52 reported incidents every single day.⁴ Furthermore, this alarming criminal activity is causing severe economic hemorrhaging, with cyber-enabled financial fraud resulting in estimated losses of Rs 1.79 billion in FY 2024/25 alone.⁵ This report aims to dissect the core vulnerabilities that define Nepal’s digital landscape—spanning recurring infrastructure failure, outdated legal frameworks, acute policy implementation gaps, and severe human capacity deficits—and to delineate the critical policy pivot required to secure the nation’s digital future.

Section 1: The Alarming State of the Threat Landscape (FY 2024/2025)

1.1. Quantification of the Crisis: Cybercrime Trends and the Reporting Paradox

The analysis of reported cybercrime statistics reveals not just high volume, but also a complex landscape of data fragmentation and structural weaknesses. Cybercrime reports had previously peaked sharply at 19,730 registered cases in the 2023/2024 fiscal year.⁶ The most recent figures for FY 2024/25 show a marginal official reduction to 18,926 cases.⁴ However, this reported dip is not interpreted by authorities as a sign of improvement in security efficacy.

Superintendent of Police Deepak Raj Awasthi, spokesperson for the Cyber Bureau, indicated that the seemingly lower figure is likely a consequence of structural changes affecting data collection rather than a reduction in actual crime.⁴ Following a 2023 directive, the capacity to report and handle cyber-related crimes was decentralized to district police offices. This essential shift in case management has resulted in significant data lags, underreporting at the central level, and an overall incompleteness in the Cyber Bureau’s central database, as the bureau only records cases forwarded to it.⁴ This decentralization, while intended to improve local access to justice, has unintentionally created a profound fragmentation in national cybersecurity metric gathering, severely obstructing the accurate assessment of the threat level and hindering the formulation of informed national policy responses.

Furthermore, forward-looking statistical modeling suggests the crisis is, in fact, accelerating. A multi-year analysis of cybercrime trends projects a significant escalation in the near term, estimating 21,582 total cases for the 2025/2026 fiscal year.⁶ This projection, which represents an approximate 14.04% year-over-year increase from the most recent count, affirms that the overall severity of the cybercrime crisis is deepening, making the current data gap particularly problematic.

Table 1: Cybercrime Statistics and Trends in Nepal (FY 2020/21 – Projected 2025/26)

Fiscal Year (AD)	Total Cases Reported	Year-on-Year Change (Est.)	Financial Fraud Cases	% of Total Cases (Fraud)
2020/2021	3,906	N/A
2023/2024 (Peak)	19,730	Substantial Growth	4,112	20.84% (Calculated)
2024/2025 (Recent)	18,926	-4.08% (Official Dip/Decentralization)	7,723	40.82%
Projected 2025/2026	21,582	+14.04%	[Projection N/A]	[Projection N/A]

1.2. The Financial Fraud Epidemic: Why Scams Are Booming

The shift in crime typology reveals a sharp focus by criminals on financial exploitation. Financial scams and fraud now represent the single most dominant category of cybercrime in Nepal. In FY 2024/25, financial incidents accounted for 7,723 cases, making up 40.82 percent of all reported cybercrimes.⁴ This category is exploding, having experienced a steep 87.82 percent increase from the previous year’s 4,112 cases, effectively doubling the rate of financial compromise within a single fiscal cycle.⁴

This financial fraud epidemic is a negative correlation of Nepal’s rapid digital financial inclusion. The public is being pushed into using digital channels like mobile banking and e-commerce at a speed that has fundamentally outpaced the widespread acquisition of necessary “cyber hygiene.” This disparity creates a highly lucrative, low-risk operating environment for cybercriminals. The financial hemorrhage is significant, with total cyber-enabled financial fraud reaching Rs 1.79 billion in the last fiscal year.⁵

Victim profiling has also shifted in response to these fraud schemes; the Cyber Bureau observed that total male victims now outnumber female victims, a trend attributed to the increasing prevalence of financial fraud that often targets men as primary victims or uses them, sometimes unknowingly, as money mules.⁴ Compounding this data is the widespread issue of underreporting. Law enforcement experts estimate that only 10 percent of actual cyber incidents are ever formally reported. This extreme underreporting is facilitated by the current legal vacuum where organizations are not mandated to publicly disclose cyberattacks, incentivizing institutions to conceal breaches to protect their reputation and avoid scrutiny.⁵ This secrecy further destabilizes the digital economy by eroding the transparency and trust essential for long-term growth and stability.⁷

1.3. Attack Vectors: Social Media as the New Battleground

Cybercriminal activity is heavily concentrated on consumer social media platforms, reflecting the high rate of internet penetration. Research identifies Facebook and its associated Messenger application as the primary conduit for cyber incidents, cumulatively accounting for 72.73% of all reported cases.⁶ The ubiquity of these platforms makes them fertile ground for the defamation, impersonation, and social engineering that drive financial fraud.

Moreover, the digital environment’s volatility is evidenced by the rapid emergence of new platforms as critical threat vectors. TikTok has shown an alarming and exponential growth rate in associated criminal activities, demonstrating a 3092.86% surge in its use as a medium for incidents.⁶ Beyond fraud, the common typologies of attacks analyzed by the Cyber Bureau include photo mutilation, revenge porn, defamation, hacking and unauthorized access, and ransomware attacks involving encryption and data theft.⁶ While extortion, encryption, and data theft remain persistent threats, the sheer volume of social-media driven personal and financial crime dominates the nation’s digital insecurity narrative.

1.4. Global Maturity Benchmarks: A Low State of Readiness

Nepal’s security posture is internationally assessed as underdeveloped, confirming that institutional maturity has failed to keep pace with technological adoption. The country currently ranks 109th on the National Cyber Security Index and 94th on the Global Cyber Security Index (GCSI).⁹ These low rankings reflect fundamental deficiencies in policy, legal structure, technical capacity, and institutional organization.

Furthermore, technical assessments reveal a significant resilience deficit. The Internet Society assigns Nepal an overall Internet Resilience score of only 45%.¹⁰ This means the country possesses only a medium capacity to withstand unexpected technical faults, major challenges, or large-scale attacks that might disrupt normal operation.¹⁰ This technical vulnerability confirms that the systemic operational failures observed in recent years are not anomalies but predictable outcomes of chronically weak defenses and inadequate preparation.

Table 2: Key Global Cybersecurity Maturity Benchmarks for Nepal

Index/Metric	Score/Ranking (2023/2024)	Assessment	Source
Global Cyber Security Index (GCSI)	94th (out of 160)	Low-Medium Maturity	9
National Cyber Security Index (NCSI)	109th	Significantly Lags Peers	9
Internet Resilience Score	45% (Medium Capacity)	Vulnerable to Faults/Challenges	10
E-Government Readiness Score	48.31	Adequate but Requires Improvement	10

Section 2: Systemic Fragility: Exposing Public and Financial Sector Vulnerabilities

2.1. The Critical Failure of Government Infrastructure (GIDC/NITC)

The most glaring manifestation of Nepal’s systemic vulnerability is the operational instability of its centralized infrastructure. The Government Integrated Data Centre (GIDC), located at Singha Durbar and managed by the National Information Technology Centre (NITC), functions as a critical single point of failure for the entire government digital apparatus. This centralized architecture, without corresponding investment in distributed defense, magnifies the impact of every attack.

The most recent catastrophic failure occurred in March 2025, when a powerful cyber onslaught collapsed over 400 government websites, including vital services for passport issuance, customs, and immigration.¹¹ This mirrored the paralyzing Distributed Denial of Service (DDoS) attack in January 2023 that rendered 1,500 government websites inoperable.¹ The resulting operational chaos demonstrated the real-world impact of digital insecurity: automated immigration verification systems at Tribhuvan International Airport (TIA) failed, forcing officials to revert to manual checks and causing queue delays lasting up to three hours for international flights.¹¹

This technical failure quickly escalated into a national security threat. Following the March 2025 outage, a hacker collective known as ShadowLeak announced that they possessed a backup database from the highly sensitive Office of the Prime Minister and Council of Ministers. The collective claimed to possess approximately 100,000 rows of personal data and actively marketed live shell access to internal government servers on darknet forums.¹¹ The claimed sale of high-level government data fundamentally compromises public confidence in the state’s digital governance and raises serious questions about digital sovereignty.

Operational consistency at the center has been further undermined by political decisions. The government announced in the 2023/24 budget its decision to abolish the NITC and integrate its functions into the Department of Information Technology (DoIT).³ However, this decision has not been effectively implemented, creating administrative confusion and disrupting the stable management of critical data centers, which handle services such as the integrated office management systems and the government cloud (G cloud).¹²

2.2. Critical Infrastructure Breaches: The “Easy Prey” Scenario

The frequency and depth of recent attacks highlight a fundamental lack of accountability regarding basic security implementation within the government. In July 2025, the Ministry of Education’s website was compromised, leading to unauthorized entry into internal systems and the release of private data belonging to thousands of workers and students, including names, phone numbers, citizenship numbers, and academic records.¹³ The hackers circulated this stolen data on Telegram and dark web forums, exchanging it for cryptocurrency. The official response to this severe breach, which involved temporarily taking the site offline under the ambiguous justification of “maintenance,” was criticized for obscuring the true severity of the incident.¹³

Even more alarming was the investigation into the major immigration portal attack at TIA earlier in March. The DDoS attack caused extensive chaos, leading to long processing delays at the border.¹³ Subsequent investigations revealed a shocking reality: the public-facing immigration portal lacked fundamental cybersecurity protections, failing to implement basic tools like proper firewalls or rate-limiting features.¹³

This reality exposes a profound contradiction. While the Nepal Telecommunications Authority (NTA) mandates rigorous security protocols, including Security Operation Centers (SOCs) and mandatory security audits for licensed Telcos and ISPs ¹⁴, critical, public-facing government infrastructure like the TIA portal is left exposed without even foundational defenses. This discrepancy suggests a widespread failure in internal government compliance and leadership accountability regarding national security policy execution.

2.3. The Banking Sector Under Siege

The financial sector, a key driver of digital transformation, faces existential vulnerability. Stakeholders consistently identify Nepal’s banking and e-commerce sectors as the most exposed targets in the country.¹⁵ This vulnerability is driven by high transaction volumes and a pervasive lack of adequate precautions and low institutional awareness regarding evolving threats.¹⁵

High-value incidents are becoming commonplace. In one notable case, Rs 35 million was stolen from an F1Soft account, allegedly facilitated by a hacked software system at a Citizens Bank branch.⁵ The details regarding the hacker’s access and the money transfer remain largely hidden due to the lack of mandatory disclosure and deep forensic investigations.⁵ Furthermore, the central bank itself has been targeted. In early 2024, the Nepal Rastra Bank (NRB) filed a claim with the Cyber Bureau to investigate unauthorized access attempts against its server.¹⁶ The subsequent arrest of a suspect was made possible by tracking the IP addresses continuously sending a barrage of requests and scripts in an attempt to probe for vulnerabilities.¹⁶

The increasing cyber risk compounds existing financial sector vulnerabilities. While financial soundness indicators generally demonstrate resilience and capital adequacy ¹⁷, supervisory bodies express growing concerns over intensifying vulnerabilities, specifically the upward trajectory of Non-Performing Loans (NPLs) and weak capitalization.¹⁸ Cyber risks add another layer of systemic uncertainty, threatening the long-term stability and soundness of the banking system.¹⁵

Section 3: The Policy and Legal Tug-of-War

3.1. The Foundational Deficit: The Electronic Transactions Act (ETA) 2006

Nepal’s primary legislative tool for addressing digital crime remains the Electronic Transactions Act (ETA) 2006 (2063 BS), which was introduced to ensure the security and reliability of electronic transactions.¹⁹ However, nearly two decades after its enactment, the ETA is dangerously outdated and insufficient for the complexity of the modern digital threat landscape.²¹

The law only addresses specific, limited types of cybercrime and completely lacks adequate provisions for dealing with prevalent contemporary issues such as complex financial fraud, cyberstalking, cyberbullying, and deepfakes.²¹ This legal vacuum creates a climate where many cybercrimes carry low risks of successful prosecution.

The efficacy of the ETA is further crippled by weak enforcement mechanisms. Law enforcement agencies, including the Nepal Police, often lack the specialized skills, technical expertise, and dedicated resources required to conduct complex digital forensic investigations and secure successful prosecutions.²¹ The lenient penalties prescribed under the outdated laws, and alleged corruption, further allow offenders to evade prosecution, thereby contributing to the atmosphere of low conviction risk.²²

3.2. Regulatory Momentum: The NTA Cyber Security Bylaw and the Privacy Act

Despite the foundational gaps, several sector-specific regulations have moved forward. The Nepal Telecommunications Authority (NTA) implemented the Cyber Security Bylaw 2077 (2020), which requires all licensed telecom service providers and ISPs to meet mandatory security standards. These standards cover everything from general security practices and infrastructure security to data privacy, requiring the establishment of SOCs, the management of administrative privileges, and regular security audits.¹⁴ This sectoral regulation demonstrates intent to secure critical communications infrastructure.

On the front of individual rights, the Privacy Act, 2018 (2075 BS), established Nepal’s first concrete legal framework for personal data protection, reinforcing the constitutional right to privacy.²³ This legal protection was significantly fortified by a Supreme Court ruling in September 2024. The court definitively reaffirmed privacy as a fundamental constitutional right and issued a mandate instructing Nepal Telecom to ensure comprehensive privacy safeguards in its procurement processes for new integrated billing systems, effectively demanding stronger data security practices across public services.²³

3.3. Legislative Progress and Controversy: The IT and Cybersecurity Bill 2024

In an attempt to supersede the ETA and address the escalating crisis, the Government of Nepal introduced the draft Information Technology and Cybersecurity Bill in March 2024.²⁴ The bill outlines ambitious goals, including the creation of a national cybersecurity center, a digital forensic center, enhanced protection for critical information infrastructure, and mandatory annual security audits for critical sectors.³

However, this legislative effort is fraught with controversy. Critics, including digital rights organizations, argue that the draft bill risks undermining the very digital rights it is meant to secure, representing a reactive policy overcorrection that sacrifices freedom for control. Specific provisions raise severe concerns:

1. Arbitrary Surveillance and Privacy Violations: Clauses in the bill threaten privacy rights by permitting arbitrary access to electronic devices and information without the requirement of judicial oversight.³ This directly contradicts the principles established by the Supreme Court’s 2024 ruling.²³
2. Chilling Effect on Expression: The bill includes vague and broad restrictions on online behavior and expression. Critics contend that these restrictions risk violating international human rights laws, specifically the ICCPR (International Covenant on Civil and Political Rights), potentially leading to excessive censorship and the suppression of free expression through intermediary liability provisions.³
3. Regulatory Hindrance to Innovation: The draft proposes mandatory licensing approval and yearly renewal requirements for companies operating cloud computing services and data centers.²⁴ This regulatory approach, which runs contrary to international practices in regions like the EU and USA, is seen as creating undue bureaucratic hurdles that could actively stifle innovation, deter foreign direct investment, and undermine economic growth.²⁴

Table 3: Comparison of Nepal’s Core Digital Legislation and Policy

Legislation/Policy	Year Enacted/Approved	Primary Scope	Current Status/Key Concerns
Electronic Transactions Act (ETA)	2006 (2063 BS)	Legal recognition of e-records, basic cybercrime punishment, digital signatures.	Outdated; insufficient for modern fraud and social media-driven crimes; weak enforcement mechanisms.19
Privacy Act	2018 (2075 BS)	Protection of individual personal data (constitutional right enforcement).	Provides framework, but enforcement requires stronger data security laws; reinforced by 2024 Supreme Court ruling.23
National Cyber Security Policy (NCSP)	2023 (August)	CI protection, institutional coordination, skilled resource development, cyber awareness.	Approved by Cabinet; facing severe implementation gap, as seen in GIDC and TIA security failures.11
IT & Cybersecurity Bill	Draft 2024	Critical infrastructure, national center, digital services regulation.	Under parliamentary review; risks arbitrary privacy violations and censorship; excessive bureaucracy for data centers.3

Section 4: Institutional Response and Capacity Deficits

4.1. The Struggle for a Central CERT and Coordinated Defense

A functional, centralized Computer Emergency Response Team (CERT) is essential for effective national cyber defense, allowing for coordinated incident handling, proactive risk management, and information sharing.²⁶ However, Nepal critically lacks this institutional anchor. The absence of an operational national CERT means that incident response across government agencies, the military, and the private sector remains slow, reactive, and fragmented.²⁷

The Nepal Telecommunications Authority (NTA) did commission a Detailed Project Report (DPR) for the “Establishment of Computer Emergency Response Team (CERT) for Telecom/ICT/ICT industry” in late 2022.²⁸ Yet, despite this initial allocation and the undeniable escalation of threats, the actual operationalization of a national CERT remains stalled. This prolonged institutional inertia, despite continuous high-profile breaches, is a visible sign that the state fails to prioritize the development of core national security infrastructure. Without a coordinating national agency, Nepal cannot transition effectively to automated threat response systems, a recognized requirement for staying ahead of sophisticated attackers.²⁷

4.2. Implementation Gap: The National Cyber Security Policy 2023

The National Cyber Security Policy (NCSP), approved by the Cabinet in August 2023, sets forth a comprehensive vision for national cyber defense, including coordinating activities, monitoring the protection of national critical infrastructure, and determining potential risk mitigation measures.²⁵

The gulf between official policy intent and technical reality is dangerously wide. The policy’s goal of monitoring and protecting Critical Information Infrastructure (CI) is negated by the recurring, high-profile operational failures of the GIDC ¹¹ and the shocking revelation that critical public infrastructure like the TIA portal lacked basic firewalls.¹³ These incidents demonstrate that security failures stem not from a lack of written policy, but from a profound breakdown in institutional execution and implementation of existing frameworks. Management and bureaucratic inertia, therefore, become the primary attack vectors for the state’s digital systems.

Further demonstrating a failure to execute the NCSP, Nepal maintains a high reliance on foreign commercial platforms, such as Gmail and Google Maps, for critical governmental communications and strategic sector applications.³⁰ This reliance exposes the nation to unnecessary geopolitical risks and confirms a deficit in sovereign technological investment necessary to develop secure, locally hosted, open-source alternatives.³⁰

4.3. Restructuring and Operational Consistency

The government’s attempts to abolish the NITC and integrate its management functions into the Department of Information Technology (DoIT) have created administrative and operational disruption.³ While the stated goal is to streamline operations and improve human resource management, the execution has led to confusion, hindering the stable and secure operation of essential digital services, including the maintenance of the government cloud and integrated office management systems.¹² This constant flux prevents the focus necessary for rigorous, consistent security practices in the highly vulnerable centralized data center.

Section 5: The Human Element: Awareness, Education, and Workforce Development

5.1. The Digital Literacy Debt: Fueling the Fraud Epidemic

The human element is repeatedly identified as the weakest link in Nepal’s security chain. The rapid increase in internet access, reaching over 90% of the population ¹, has not been matched by a corresponding increase in digital literacy or “cyber hygiene”.³¹ This widespread literacy gap is the single most challenging issue in combating cybercrime ³¹, directly fueling the epidemic of financial fraud and social engineering schemes that dominate crime statistics.⁴

High internet access does not equate to safe or “judicious use” of digital platforms.³¹ Users, particularly on high-volume platforms like Facebook and TikTok, are easily exploited by criminals who leverage social engineering, phishing, and impersonation tactics. The volume of financial fraud is directly proportional to the exploitation of this low collective digital literacy. Consequently, security investments must dramatically shift their focus, allocating equal priority toward education and awareness, not just technology acquisition.

5.2. Closing the Cybersecurity Skills Gap

A national shortage of trained cybersecurity professionals, combined with underdeveloped security infrastructure and fragmented regulations, leaves both public and private sector organizations severely exposed to sophisticated cyberattacks.⁷

Positive capacity building steps are being implemented through targeted corporate training. Private institutes are collaborating with the public sector, providing specialized training programs such as Certified Ethical Hacker (CEH) and Certified Information System Security Professional (CISSP).³³ These programs have successfully trained staff from critical enforcement and defense entities, including the Cyber Bureau, the Nepal Army, Police forces, and banking institutions.³⁴ These efforts focus on essential skills development through hands-on labs and customized, real-world scenario analysis to elevate the competence of elite units.³³

However, this capacity must be scaled nationally. Security experts emphasize that for military readiness, Nepal must establish a formal military cyber command under the Nepal Army, drawing lessons from regional neighbors such as India, Pakistan, and Bangladesh, who maintain dedicated military cyber units capable of both defensive and potentially offensive operations.³⁰

5.3. A Public Agenda: Integrating Cyber Hygiene

The only sustainable solution to raising the national collective defense mechanism is through broad educational reform. Digital literacy must be established as a national infrastructure priority. Cyber hygiene and media literacy must be systematically integrated into the curriculum of schools and mandated as regular training in workplaces and for all public servants.³⁰

To achieve this, the government must form a dedicated technical task force focused on promoting countrywide digital literacy. This effort must utilize local education units to effectively implement a federal framework of computer literacy, ensuring that the necessary knowledge reaches the vast population that now uses digital services.³¹

Conclusion: Turning Vulnerability into Opportunity

Nepal’s digital journey is currently defined by a profound and dangerous dichotomy: world-class connectivity coupled with systemic institutional, legal, and educational unpreparedness. This security gap is manifesting in critical infrastructure collapse, spiraling financial crime, massive economic losses, and a contested legal framework struggling to regulate technology without sacrificing constitutional rights. The resulting erosion of trust is a fundamental threat to the stability and legitimacy of e-governance and the long-term growth of the digital economy.

The continuous, high-profile failures—from the GIDC collapse ¹¹ to the lack of basic firewalls at the TIA portal ¹³—confirm that the crisis is rooted in a failure of institutional execution, rather than a lack of foundational policy. The path forward requires a shift from reactive damage control to proactive, coordinated, and resource-backed investment in five strategic areas:

1. GIDC Hardening and Accountability: Immediate, high-level technical segmentation and comprehensive security audits of the Government Integrated Data Centre are essential. This must be coupled with strict enforcement of basic cyber hygiene protocols, adhering to the strengthening advisory notes released in early 2025 ¹, and mandatory annual security audits for all critical public sector systems.³
2. Operationalize the National CERT: The establishment of a fully functional, centralized Computer Emergency Response Team (CERT) must be treated as an urgent national security priority, immediately moving beyond the prolonged Detailed Project Report (DPR) phase.²⁶ This organization is crucial for coordinating sophisticated incident response and building foundational national cyber resilience against high-level threats.
3. Refinement of Legislative Framework: The Information Technology and Cybersecurity Bill 2024 must be revised through open stakeholder consultation to remove provisions that threaten digital rights. Specifically, clauses permitting arbitrary access without judicial oversight and vague restrictions on online expression must be eliminated to ensure that the law effectively balances national security imperatives with the constitutional protections guaranteed by the Privacy Act 2018.³
4. Literacy and Capacity Mandate: Digital literacy and cyber hygiene must be established as a core national infrastructure priority. This requires systemic integration into primary and secondary education, complemented by mandated, recurrent training for all public employees, significantly raising the collective defense mechanism against the pervasive threat of social engineering and fraud.³⁰
5. Sovereign Tech Investment: Nepal must commit to strengthening its digital sovereignty by reducing reliance on foreign commercial platforms for critical governmental services and investing proactively in local tech startups developing secure, indigenous alternatives.³⁰

By prioritizing structural reform, accountability in execution, and widespread capacity building, Nepal possesses the opportunity to close its dangerous security gap, transforming its current low global ranking into a testament to regional resilience and securing a trustworthy foundation for its digital future.

Works cited

1. Nepal’s Digital Frontier: How Safe Are We from Cyber Attacks? – myRepublica, accessed November 13, 2025, https://myrepublica.nagariknetwork.com/news/nepals-digital-frontier-how-safe-are-we-from-cyber-attacks-14-86.html
2. Banking Sector in the Digital Era – New Business Age, accessed November 13, 2025, https://www.newbusinessage.com/news/45555/banking-sector-in-the-digital-era/
3. State of Digital Rights and Safety in Nepal 2024 – Digital Rights Nepal, accessed November 13, 2025, https://digitalrightsnepal.org/wp-content/uploads/2025/05/STATE-OF-DIGITAL-RIGHTS-AND-SAFETY-IN-NEPAL-2024-1-1-2.pdf
4. Nepal recorded 52 daily cybercrime cases last fiscal – The Kathmandu Post, accessed November 13, 2025, https://kathmandupost.com/national/2025/07/22/nepal-recorded-52-daily-cybercrime-cases-last-fiscal
5. Banks Under Cyberattack, State Lags in Response – Nepal News, accessed November 13, 2025, https://english.nepalnews.com/s/feature/banks-under-cyberattack-state-lags-in-response/
6. (PDF) The evolving landscape of Cybercrime in Nepal: A multi-Year …, accessed November 13, 2025, https://www.researchgate.net/publication/395379188_The_evolving_landscape_of_Cybercrime_in_Nepal_A_multi-Year_Analysis_of_Platform_Specific_Trends_and_Victim_Demographics_2077-2082_BS_2020-2025_AD
7. Nepal IT Digital Marketing: Strategic Bluepri | Gurkha Technology, accessed November 13, 2025, https://gurkhatech.com/digital-marketing-nepal-it-strategy/
8. 2025 Unit 42 Global Incident Response Report – Palo Alto Networks, accessed November 13, 2025, https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report
9. The Latest Cyber Crime Statistics (updated October 2025) | AAG IT Support, accessed November 13, 2025, https://aag-it.com/the-latest-cyber-crime-statistics/
10. Country Report for Nepal – Internet Society Pulse, accessed November 13, 2025, https://pulse.internetsociety.org/en/reports/NP/
11. Nepal’s Digital Collapse: The Government’s Cyber Crisis and Path to Recovery, accessed November 13, 2025, https://www.b360nepal.com/detail/26496/nepals-digital-collapse-the-governments-cyber-crisis-and-path-to-recovery
12. Neglecting data centres poses a growing threat to government operations and security, accessed November 13, 2025, https://english.onlinekhabar.com/unmanaged-government-data-centre.html
13. Cyberattacks Expose Cracks In Digital Security – The Rising Nepal, accessed November 13, 2025, https://risingnepaldaily.com/news/66707
14. NTA implements cybersecurity bylaw 2077 for cybersecurity standards – SAMENA Daily News, accessed November 13, 2025, https://www.samenacouncil.org/samena_daily_news?news=80651
15. Nepal’s Financial Sector Increasingly Vulnerable to Cyberattacks, Stakeholders Warn, accessed November 13, 2025, https://newbusinessage.com/news/41652/nepals-financial-sector-increasingly-vulnerable-to-cyberattacks-stakeholders-warn/
16. Behind Nepal Rastra Bank’s recent breach: The arrest of Navraj Lamichhane and a cybersecurity crisis unveiled – Onlinekhabar English, accessed November 13, 2025, https://english.onlinekhabar.com/nepal-rastra-banks-cybersecurity-crisis-unveiled.html
17. Financial Stability Report – Nepal Rastra Bank, accessed November 13, 2025, https://www.nrb.org.np/contents/uploads/2025/04/Financial-Stability-Report.pdf
18. Nepal: Fourth Review Under the Extended Credit Facility Arrangement-Press Release; Staff Report; and Statement by the Executive Director for Nepal in: IMF Staff Country Reports Volume 2024 Issue 225 (2024), accessed November 13, 2025, https://www.elibrary.imf.org/view/journals/002/2024/225/article-A001-en.xml
19. Highlights of Electronic Transactions Act, 2006 (2063) – Imperial Law Associates, accessed November 13, 2025, https://www.lawimperial.com/highlights-of-electronic-transactions-act-2006/
20. Electronic Transactions Act, 2063 (Nepal) – Overview & Key Provisions, accessed November 13, 2025, https://notarynepal.com/blog/electronic-transaction-act-nepal
21. (PDF) A CASE STUDY IN GAP AND WIKNESSES IN THE EXISTING LEGAL FRAMEWORK OF CYBER LAW IN NEPAL – ResearchGate, accessed November 13, 2025, https://www.researchgate.net/publication/378213580_A_CASE_STUDY_IN_GAP_AND_WIKNESSES_IN_THE_EXISTING_LEGAL_FRAMEWORK_OF_CYBER_LAW_IN_NEPAL
22. 2025 Investment Climate Statements: Nepal – U.S. Department of State, accessed November 13, 2025, https://www.state.gov/reports/2025-investment-climate-statements/nepal
23. How Privacy Act covers you | The Farsight Nepal, accessed November 13, 2025, https://farsightnepal.com/news/how-privacy-act-covers-you/
24. IT Bill requires a serious revision – The Annapurna Express, accessed November 13, 2025, https://theannapurnaexpress.com/story/48543/
25. Developing a National Cyber Security Policy for Nepal – DKI APCSS, accessed November 13, 2025, https://dkiapcss.edu/developing-a-national-cyber-security-policy-for-nepal/
26. Nepal CERT : An initiation of CAN Federation, accessed November 13, 2025, https://www.nepalcert.org.np/
27. Nepal’s cybersecurity landscape: Challenges and the path to automated threat response, accessed November 13, 2025, https://english.onlinekhabar.com/nepals-cybersecurity-landscape-challenges-and-the-path-to-automated-threat-response.html
28. EXPRESSION OF INTEREST (EOI) – Nepal Telecommunications Authority, accessed November 13, 2025, https://www.nta.gov.np/uploads/contents/DPR-CERT.pdf
29. National Cyber Security Policy, 2023, accessed November 13, 2025, https://giwmscdnone.gov.np/media/pdf_upload/National%20Cyber%20Security%20Policy_English_version_dowpymd.pdf
30. Safeguarding Nepal’s digital future – The Kathmandu Post, accessed November 13, 2025, https://kathmandupost.com/columns/2025/08/27/safeguarding-nepal-s-digital-future
31. Need For Digital Literacy In Education – The Rising Nepal, accessed November 13, 2025, https://risingnepaldaily.com/news/64138
32. Nepal’s Cybersecurity Landscape: Analyzing the Draft Information Technology and Cyber Security Bill 2024 – RA & Associates, accessed November 13, 2025, https://www.raandassociate.com/nepals-cybersecurity-landscape-analyzing-the-draft-information-technology-and-cyber-security-bill-2024/
33. Cybersecurity Training in Nepal, accessed November 13, 2025, https://skilltrainingnepal.com/course/cybersecurity-training-in-nepal
34. Corporate Training – IT Security Nepal, accessed November 13, 2025, https://itsecuritynepal.com/corporate-training/