By: Prof Dr Tariq Rahim Soomro
Cybersecurity refers to the practice of protecting systems, networks, and data from digital attacks, unauthorized access, and damage through preventive measures like encryption, firewalls, and policy frameworks. The term Cybercrime encompasses illegal activities conducted via digital means, such as hacking, fraud, identity theft, and the dissemination of malicious content.
Let’s explore the demographic trends of the Pakistani population. The median age is 20.6 years, indicating a youthful population. If we categorize the population, it is interesting that 35.3 percent are under 15 years, 60.2 percent between 15 and 64, and 4.5 percent over 65.
Pakistan’s cyber landscape requires a balanced approach: robust legal frameworks (e.g., PECA 2025 amendments), institutional capacity-building, and public education. However, safeguards against misuse, such as judicial oversight and clear definitions, are critical to protecting civil liberties
The population of Pakistan as of April 2025 is 254.28 million, with real-time estimates indicating a growth rate of approximately 1.58 percent. Projections for mid-2025 suggest the population will reach 255.2 million. Pakistan’s Internet penetration rate stands at 45.7 percent, with 116 million internet users out of a population of 253 million. This reflects a steady growth trajectory, though challenges exist, such as infrastructure limitations, digital divide (urban-rural divides) and cybercrime victims. Mobile broadband dominates, accounting for 142 million subscriptions (compared to 3 million fixed broadband connections). The median mobile internet download speed improved to 20.89 Mbps (+25.3 percent year-on-year), while fixed broadband speeds reached 15.53 Mbps.
Pakistanis are fond of the following social media platforms:
Pakistan’s social media landscape: Platform-specific adoption trends:
| Platform | Active Users (2025) | percent of Population | Key Demographics |
| 60.4 million | 23.5 percent | Male-dominated (76.5 percent); largest age group: 18–24 (40.5 percent) | |
| Messenger | 49.9 million | 21.5 percent | 80.8 percent male; largest user group: 25–34 (37.8 percent) |
| YouTube | 55.9 million | 22.1 percent | Data incomplete, but ad reach suggests broad usage |
| 18.6 million | 8.0 percent | 64.9 percent male; largest age group: 18–24 (47.9 percent) | |
| TikTok | Market share: 1.79 percent | N/A | Rapidly growing, especially among younger demographics |
As far as market Share is concerned, Facebook dominates with 95.95 percent of social media traffic, followed by TikTok (1.79 percent) and YouTube (0.86 percent). Social media users skew heavily male (70.4 percent male vs. 29.6 percent female).
Keeping in view the Pakistani population penetration on the Internet, the traditional criminal moves towards cybercrime. Cybercrime is an emerging threat driven by rapid Internet penetration and limited regulatory frameworks. Key forms include hacking, financial fraud, cyberbullying, and identity theft.
Cyber-dependent crimes (e.g., hacking, malware) score 5/10 in Pakistan’s criminal markets, indicating moderate but growing activity. A 2023 study found that 42.85 percent of Pakistani university students experienced cyberbullying, with urban areas and higher socioeconomic groups more vulnerable . Financial crimes, such as phishing and credit card fraud, are rising due to weak cybersecurity measures and unlicenced software use.
Here we consider the prominent cybercrimes happening in Pakistan along with possible solutions.
- Cyber Terrorism and Recruitment: Cyberterrorism involves hacking critical infrastructure (e.g., government websites) or using social media to recruit for extremist groups. For example, Section 10 of PECA 2016 criminalizes cyberterrorism, with penalties up to 14 years imprisonment The possible challenges are lack of advanced forensic tools and cross-border coordination . The right solution had been made and a new agency formed. the National Cyber Crime Investigation Agency (NCCIA) with specialized training and funding. The new DG was appointed on April 4. This will enhance international cooperation through treaties like the Budapest Convention and implement real-time monitoring of extremist content on social media..
- Online Harassment and Child Exploitation: Includes cyberstalking, non-consensual sharing of explicit content, and child pornography. Over 150 journalists were charged under PECA in 2024 for “defamation,” often linked to critical reporting. The possible challenges are underreporting due to social stigma and weak enforcement.
The possible solutions are establishing dedicated Cybercrime Reporting Centres with 24/7 helplines (e.g., FIA’s CCW 1991 helpline, launch public awareness campaigns on digital literacy and safe online practices and enforce stricter penalties under PECA Section 21 (protection of women) and Section 22 (child abuse) .
- Financial Fraud and Phishing: Scams like Business Email Compromise (BEC) and SIM card fraud. In 2025, a Pakistan-based group, HeartSender, caused $3 million in losses through phishing kits. The possible challenges are lack of secure payment gateways and public awareness. The possible solutions are mandatory two-factor authentication for banking transactions, collaborate with international agencies (e.g., Interpol) to dismantle cross-border networks and train financial institutions to recognize and report suspicious activity.
- Misinformation and Fake News: The intentional spread of false information under Section 26A of PECA 2025 is punishable by 3 years imprisonment. The possible challenges are vague definitions like “public fear” enabling misuse against journalists. The possible solutions are to promote fact-checking initiatives and media literacy programmes and ensure judicial oversight for content removal by the Social Media Protection Tribunal.
- Identity Theft and Data Breaches: Unauthorized access to personal data for fraud. For example, hackers selling call records and email accounts. The possible challenges are weak data protection laws and poor compliance by private entities. The possible solutions are enacting a Data Protection Act with penalties for breaches, encouraging companies to adopt ISO 27001 cybersecurity standards and establishing Computer Emergency Response Teams for rapid incident response and officially Government of Pakistan announced the formation of the country’s first national CERT on 11 March 2024.
- Hacking and Malware Attacks: Attacks on government and private systems, such as Distributed Denial of Service (DDoS) and ransomware are becoming common in Pakistan, which ranks 14th in Asia-Pacific for cyber vulnerabilities. The possible challenges are outdated infrastructure and insufficient investment in cybersecurity. The possible solutions are to upgrade national cybersecurity infrastructure with AI-driven threat detection, conduct regular penetration testing for critical systems and foster public-private partnerships to share threat intelligence.
Pakistan’s cyber landscape requires a balanced approach: robust legal frameworks (e.g., PECA 2025 amendments), institutional capacity-building, and public education. However, safeguards against misuse, such as judicial oversight and clear definitions, are critical to protecting civil liberties.
The writer is Rector of the Institute of Business Management, Karachi, Chair Institute of Electrical and Electronics Engineers Karachi Section, and cybersecurity expert. He can be reached at [email protected],and  [email protected]
