Cybersecurity in Papua New Guinea: Are They Ready for Digital Threats?

Show Links

Papua New Guinea’s rapid digital transformation brings massive cybersecurity risks—but is the country prepared? In this episode, we break down real-life cyberattacks, the biggest security challenges, and what PNG’s government and businesses must do before it’s too late.

We discuss:

  • The cyber threat landscape in PNG
  • Major breaches in government & banking—how they happened and how to prevent them
  • Critical security gaps in businesses & national infrastructure
  • What PNG needs to do to strengthen its cyber defenses

Whether you’re in government, IT, business, or finance, this episode is packed with insights & action steps to safeguard PNG’s digital future.

Episode Transcript

Welcome back to Don’t Be a Sitting Duck, the podcast where we break down cybersecurity into real-world conversations that matter. I’m Leigh Kefford, and today, we’re diving into a critical question: Is Papua New Guinea ready for the digital future? Because let’s face it – as businesses and government services go digital, so do the cyber threats. But the big question is: Are they prepared?
Papua New Guinea is on a fast track to digital transformation. We’ve seen online banking expand, e-government services launch, and businesses increasingly rely on the internet to operate. But with all this progress comes a harsh reality – cybercriminals are watching, waiting, and striking where defenses are weak.
Today, we’re going to explore the gaps in PNG’s cybersecurity, the risks businesses and government agencies face, and what needs to be done before it’s too late.
First, let’s talk facts. The world is experiencing an explosion of cyber threats – ransomware attacks, data breaches, and online scams. But here’s the kicker – developing nations like Papua New Guinea are prime targets because cybercriminals know security defenses are often weaker.
So let’s ask the tough questions:
  • Does PNG have a national cybersecurity strategy that’s actively enforced?
  • Are businesses aware of the risks, or are they assuming ‘it won’t happen to us’?
  • What happens if a government agency gets hacked tomorrow—do we have a response plan?

Let’s break it down further. Here are three big cybersecurity challenges facing PNG today.

  • Lack of Awareness & Training – Many businesses and government employees aren’t trained in basic cyber hygiene. Simple mistakes—like clicking on phishing emails—can lead to catastrophic breaches.
  • Weak Laws & Regulations – Yes, PNG has the Cybercrime Act 2016, but is it enough? Are companies legally required to report breaches? Without strong regulations, businesses may sweep incidents under the rug rather than fix vulnerabilities.
  • Limited Cyber Defence in Critical Infrastructure – Think about banks, telcos, and government databases. If BSP Financial Group, Digicel PNG, or a government system got hacked, what’s the backup plan? Do we have a National Cybersecurity Emergency Response Team to handle threats?

Now, I want you to imagine this – PNG’s online banking system goes down for an entire week due to a cyberattack.

  • What’s the financial impact? How do customers get their money?
  • Does the government have the technical expertise to respond?

These are the questions that leaders in government and business should be asking.

Because cybersecurity isn’t just an IT problem – it’s an economic and national security issue. To understand the gravity,

let’s look at some real-world examples.

  • In October 2021, PNG’s Department of Finance suffered a ransomware attack that locked the government’s payment system, disrupting operations and access to funds. Hackers demanded a Bitcoin ransom, but the government opted for system restoration without payment. This incident highlighted vulnerabilities in critical financial infrastructure.
  • In January 2025, the Internal Revenue Commission experienced a significant cyberattack, pushing systems offline and potentially exposing sensitive data of individuals and businesses, including Australian entities. The public was initially informed of a ‘system outage,’ but it was later confirmed as a cyberattack. This breach raised concerns about data security and the need for transparent communication during cyber incidents.
  • On February 21, 2025, the Bank of Papua New Guinea detected unusual network activity within an isolated test environment. The issue was contained by February 23, with no impact on critical banking systems. This incident underscored the importance of proactive monitoring and swift response to potential threats. These incidents serve as wake-up calls. They underscore the urgent need for robust cybersecurity measures to protect our nation’s critical infrastructure.

So, what can be done to improve PNG’s cybersecurity posture?

Here’s where the conversation needs to go:

  • Government Action – PNG needs a National Cybersecurity Strategy backed by stronger laws, funding, and enforcement.
  • Business Responsibility – Companies—big and small—need to invest in cybersecurity awareness training, secure backups, and multi-factor authentication (MFA).
  • Public-Private Collaboration – Telcos, banks, ISPs, and the government need to share cyber threat intelligence and work together to prevent attacks.

So, if you’re a business owner, a policymaker, or just someone concerned about PNG’s digital future—ask yourself:

  • Are they taking cybersecurity seriously enough?
  • What happens if they don’t act now?
  • And most importantly—who is responsible for making change happen?

Alright, folks—that’s a wrap for today’s episode! But the conversation doesn’t stop here. If you’re in business, government, or IT in PNG, start asking these questions in your boardrooms, in parliament, and in strategy meetings.

Cybersecurity is everyone’s responsibility. If your business needs expert cybersecurity solutions, we can help! Our team specializes in managed security services, compliance, and cyber resilience for PNG organisations. Reach out to us at nationalpc.com.au/png If you found this episode valuable, do me a favour—share it with someone who needs to hear it.

And as always, stay safe online, stay informed, and don’t be a sitting duck! See you next time!

Ready To Secure Your Business

Cyber threats are evolving every second—don’t wait until it’s too late. At National PC, we provide Empower Managed Services with built-in cybersecurity solutions to keep your business safe from data breaches, ransomware, and compliance risks.

🔐 Ready to take action? Visit NationalPC.com.au to learn how we can help safeguard your business with Empower SHIELD and our industry-leading cybersecurity solutions.

💡 Stay protected. Stay empowered. Get started today!

Other Episodes