Kazakhstan's Ministry of Digital Development Releases Updated Cybersecurity Recommendations

Kazakhstan Issues New National Cybersecurity Guidelines Amid Rising Public Awareness

INFORMATIONAL
December 23, 2025
3m read
Policy and ComplianceRegulatory

Related Entities

Organizations

Ministry of Digital Development, Innovation and Aerospace Industry (MAIDD)Information Security Committee (ISC)

Other

Kazakhstan

Full Report

Executive Summary

The government of Kazakhstan has taken a proactive step to bolster its national cybersecurity posture by releasing an updated set of recommendations for citizens and organizations. Published on December 23, 2025, by the Ministry of Digital Development, Innovation and Aerospace Industry (MAIDD), the new guidelines focus on fundamental cyber hygiene and personal data protection. The release is timely, as a recent study highlighted a significant increase in public awareness of cyber threats, which rose to 86% in 2025. The nation's efforts are also reflected in its improved ranking in the Global Cybersecurity Index.

Policy Overview

The MAIDD's updated recommendations are part of Kazakhstan's ongoing strategy to create a safer digital environment. The guidelines are not strict regulations but rather a set of best practices intended to promote better security habits among the populace. The key recommendations include:

  • Use of Encryption: Encouraging the use of encryption to protect data both in transit and at rest.
  • Data Minimization: Advising citizens to limit the amount of personal information they share publicly online.
  • Antivirus Protection: Stressing the necessity of installing and maintaining updated antivirus software on all devices.

This public awareness campaign is supported by a government-provided mechanism for reporting security incidents. Citizens can report cases of illegal data collection or data leakage through the e-Government portal or directly to the Information Security Committee (ISC).

Rising Awareness and National Standing

The government's focus on cybersecurity appears to be resonating with the public. A recent study cited in the announcement shows that citizen awareness of cyber threats has jumped from 62.9% in 2018 to 86% in 2025. This increased awareness is a critical component of national cyber defense, as informed citizens are the first line of defense against threats like phishing and scams.

These national efforts have also been recognized internationally. Kazakhstan has improved its position in the International Telecommunication Union's (ITU) Global Cybersecurity Index, now placing in the "Advancing" tier with a high score of 94.4 out of 100. This indicates a strong commitment to developing and implementing effective cybersecurity policies and capabilities.

Impact and Guidance

For citizens and businesses in Kazakhstan, these recommendations serve as a clear and actionable guide to improving their digital security. Adhering to these guidelines can significantly reduce the risk of falling victim to common cyberattacks. The establishment of a formal reporting channel empowers individuals to take action when they suspect their data has been mishandled, fostering a culture of accountability.

For the government, this initiative represents a soft-power approach to cybersecurity, focusing on education and empowerment rather than solely on punitive regulation. By raising the overall level of cyber hygiene across the country, Kazakhstan aims to make itself a harder target for cybercriminals and other malicious actors.

Timeline of Events

1
December 23, 2025
Kazakhstan's MAIDD releases updated cybersecurity and data protection recommendations.
2
December 23, 2025
This article was published

Timeline of Events

1
December 23, 2025

Kazakhstan's MAIDD releases updated cybersecurity and data protection recommendations.

Sources & References

Kazakhstan: MAIDD releases cybersecurity recommendations
DataGuidance (dataguidance.com) December 23, 2025

Article Author

Jason Gomes

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & AnalysisSecurity Orchestration (SOAR/XSOAR)Incident Response & Digital ForensicsSecurity Operations Center (SOC)SIEM & Security AnalyticsCyber Fusion & Threat SharingSecurity Automation & IntegrationManaged Detection & Response (MDR)
LinkedIn

Tags

Kazakhstannational securitycyber hygienedata protectionpublic awarenessgovernment policy

📢 Share This Article

Help others stay informed about cybersecurity threats

🎯 MITRE ATT&CK Mapped

Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.

🧠 Enriched & Analyzed

Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.

🛡️ Actionable Guidance

Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.

🔗 STIX Visualizer

Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.

Sigma Generator

Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.