As Papua New Guinea’s digital economy grows, global financial services company Visa and consulting firm KPMG are urging local businesses to make cybersecurity a strategic priority. Speaking at a business risk roundtable in Port Moresby in early July, the firms highlighted that PNG’s increasing dependence on digital payment platforms and cloud-based systems is exposing companies to a sharp rise in cyber threats.
According to Visa’s Pacific Head of Risk, Papua New Guinea is at a tipping point in digital adoption –with mobile payments, e-commerce, and fintech usage expanding rapidly across both urban and rural centres. However, this growth has outpaced the development of local cybersecurity infrastructure, including fraud detection, incident response, and customer education.
Businesses have been warned that Papua New Guinea was entering a high-risk phase in which digital participation was increasing while cybersecurity maturity remained low. They cautioned that without urgent investment in cyber defences, the country risked losing consumer trust, suffering reputational harm, and facing significant financial fraud incidents.
Experts have pointed to weaknesses in both public and private sector systems. It noted that while large banks and telecom providers have begun deploying advanced cybersecurity tools, many small and medium-sized enterprises (SMEs) lack basic defences such as data encryption, multifactor authentication, and cybersecurity training for staff.
The session also raised the potential for state-level vulnerabilities, especially with increased digitisation in government services and the upcoming roll-out of national identification and e-governance systems. The establishment of a national cybersecurity task force with participation from banks, telcos, utilities, and government agencies has been recommended.
The threat landscape in Papua New Guine mirrors trends seen across the wider Asia-Pacific, where ransomware, phishing, and data breaches have surged. However, Papua New Guine’s limited regulatory enforcement and resource constraints make its systems more attractive to cybercriminals.
The message was clear: cybersecurity is not just an IT issue –it’s a business imperative. For Papua New Guinea to continue integrating with global financial systems and attract investment, a secure digital environment is essential. Businesses were advised to conduct cybersecurity audits, train employees in fraud awareness, and invest in scalable cyber risk management systems.
The session concluded with a call for cross-sector collaboration, including support for Papua New Guine’s financial institutions to build local capacity and share threat intelligence. If Papua New Guine fails to act, experts warned, the digital economy gains of the past few years could be quickly undone by a major breach.
