Laos Scorecard
Laos is a digitally developing but structurally fragile cyber environment: internet and digital service adoption are growing, but infrastructure and cybersecurity capacity lag far behind most regional peers. While it is not a prime espionage target in the way larger ASEAN economies are, Laos has become deeply entangled in the region’s transnational cybercrime crisis, particularly scam compounds and cyber-slavery tied to fake job offers and Chinese-led criminal networks.
​
Laos is still behind many ASEAN peers in digital infrastructure and cybersecurity readiness, but it’s already being used as a host and transit zone for scam compounds and cyber-slavery operations, especially tied to overseas job scams and transnational criminal groups.
Overall Position : Low–moderate cyber maturity, low but growing digital exposure, disproportionately high risk from scam compounds and trafficking-linked cybercrime.​
​
Cyber Maturity 4/10 Laws and a national CERT exist, but overall capacity and strategy execution lag peers.
​​
Threat Activity 7/10 High impact from scam compounds and trafficking-linked cybercrime, less classic APT focus.
​​​​​​​​
Digital Exposure 5/10 Internet use and speeds are rising, but infrastructure is still patchy and lagging in rural areas.
​​​
Law Enforcement Capability 4/10 Legal tools exist, but capability and readiness indicators remain low.
​​​​
Geopolitical Risk 5/10 Landlocked, China-aligned state with moderate geopolitical exposure and growing crime networks.
​​​​
Scam/Fraud/Trafficking 5/10 Part of the main SEA “fraud factory” belt, with documented cyber-slavery and scam compounds.
CYBER MATURITY ASSESSMENT
Laos has a cybercrime law, an electronic data protection law, and a national CERT under the Ministry of Technology and Communications, which is a decent legal and structural starting point.
​
However, national cybersecurity strategy and CIIP frameworks are still developing, and readiness indicators show the country lagging behind most neighbors.
​
-
Law on Prevention and Combatting Cyber Crime (2015) criminalizes cyber offences and establishes LaoCERT responsibilities.
-
Law on Electronic Data Protection (No. 25/NA) governs electronic personal data and assigns MTC oversight.
-
LaoCERT established in 2012, now a division within the Department of Cyber Security at MTC.
-
National cybersecurity strategy and CIIP policy have been in “draft / planning” stages for years.
-
Global indices show low cyber-preparedness compared to many ASEAN states.
4/10
DIGITAL EXPOSURE
Laos’ digital exposure is growing from a relatively low base: more than 4.9 million internet users and ~63.6% penetration as of 2025, but broadband infrastructure is still limited and uneven.
​
-
4.97M internet users and 63.6% penetration reported in 2025; millions still offline.
-
Previous World Bank and ERIA assessments highlight slow, expensive, and unreliable connectivity, especially outside major cities.
-
Digital economy and e-services are starting to develop but remain modest compared to Indonesia, Vietnam, Thailand, or the Philippines.
-
Net result: growing attack surface, but still smaller than big regional economies.
5/10
GEOPOLITICAL & ECONOMIC DRIVERS
Geopolitically, Laos is a China-aligned, landlocked state with strategic infrastructure and economic ties but no major external war. Its risk profile comes more from transnational crime networks than front-line military confrontation.
​
-
Strong economic and infrastructural reliance on China (dams, rail, investment) increases dependency and influence.
-
No large-scale civil war, but governance, corruption, and weak oversight create openings for organized crime and foreign influence.
-
Regional cyber and crime dynamics (scam compounds, trafficking) pull Laos into wider geopolitical discussions and sanctions conversations.
5/10
CURRENT THREAT ACTIVITY
While Laos is not a classic top-tier espionage target like the Philippines or Singapore, it is deeply entangled in regional scam-centre and fraud operations, including cyber-slavery compounds and cross-border cybercrime.
​
-
Reuters and other outlets explicitly cite Laos, Cambodia, and Myanmar as key scam-centre locations.
-
Investigations show people trafficked into Laos to work in cyber scam centers under coercive conditions.
-
Victims are forced to run large-scale investment/romance scams, targeting global victims via crypto and social platforms.
-
Traditional APT/espionage reporting is less visible, but crime-driven threat activity is very high relative to the country’s size.
7/10
LAW ENFORCEMENT & CYBERCRIME CONTROL
Laos has cybercrime and data protection laws on the books and a designated CERT, but overall capacity, readiness, and cyber safety competencies are still considered low, with limited public evidence of sophisticated enforcement.
​
-
Cybercrime law mandates prevention campaigns and awareness, with LaoCERT as focal point.
-
Data protection law creates obligations for entities handling electronic information, enforced by MTC.
-
Global indices show relatively low security preparedness and weak cyber safety competencies.
-
Public reporting on prosecutions, digital forensics capacity, and large-scale cybercrime crackdowns is limited compared to peers.
4/10
SCAM / HUMAN TRAFFICKING / FRAUD INTERSECTION
Laos is part of the “fraud factory” belt in mainland Southeast Asia: scam compounds, cyber slavery, and trafficking-for-cybercrime are now a documented reality in the country.
​
-
UN, media, and NGOs point to operations “being run from Laos” alongside Cambodia, Myanmar, the Philippines, and Thailand.
-
Victims from countries like India and across Africa have reported being trafficked into Laos and forced into online fraud work.
-
Compounds are involved in romance/investment scams, sextortion, and crypto fraud, with workers held under armed guard and threats.
-
​Laos is not as industrial-scale as Cambodia/Myanmar (which you rated 10/10), but it is clearly beyond “incidental” involvement, hence 8/10.
8/10