Hacking of company computer systems on the rise in China

Survey of executives reveals heavy toll for businesses and their customers, with records compromised and identity information stolen

PUBLISHED : Thursday, 12 December, 2013, 3:29am
UPDATED : Thursday, 12 December, 2013, 3:30am

Hacking of corporate computer systems is on the rise in China, including Hong Kong, according to an annual survey.

Business executives told a survey by PricewaterhouseCoopers that employee and customer records had been compromised or could no longer be accessed, internal records had been damaged or lost, and data that could identify clients and staff had been stolen.

In some cases employees had leaked or stolen data, while hackers and people working for rival companies had staged external attacks, they said.

"The number [of attacks] unfortunately may just rise and rise," said Charles Mok, who represents the information technology sector on the Legislative Council.

The PwC survey covered 9,600 business executives - from CEOs to risk and information officers - in 115 countries. Some 670 of the executives work for companies in China, including Hong Kong.

Ten major Asia-Pacific economies were surveyed. The region's companies reported an average of 2,958 computer security incidents each per year. The average for companies in China was 429, nearly 20 per cent higher than the corresponding figure of 360 last year.

Kenneth Wong, risk assurance partner at PwC Hong Kong, said: "Organisations are getting better [with] technology tools … to detect and prevent security incidents from occurring, [but] cybercriminals are always out there [and] becoming increasingly sophisticated."

Losses for firms across China averaged US$1.8 million, the highest in Asia, but companies in North America lost US$3.1 million on average last year.

Leung Siu-cheong, a senior consultant from the Hong Kong Computer Emergency Response Team Co-ordination Centre, said Hong Kong's fast internet speeds and hackers' use of compromised computers allowed them to launch "very efficient" attacks.

When asked how their organisations were affected, 44 per cent of executives questioned in China, including Hong Kong, cited damage to or the loss of internal records, compared with a global average of 29 per cent.

Nearly half of them also said employee records had been compromised.

A spokeswoman for the city's privacy commissioner said that of the 1,233 data privacy complaints received in 2012-13, 73 per cent were made against private-sector organisations.

The survey findings stoked fears about the adequacy of safeguards to prevent the loss of data.

Mok, the legislator, said businesses' awareness about information security had not kept pace with the threats they faced. He wants the Hong Kong government to give small and medium-sized enterprises grants to improve security.