Hong Kong companies in rush to bolster online security systems
Large domestic and multinational companies in Hong Kong are stepping up efforts to buttress their cybersecurity resources after the revelations of whistle-blower Edward Snowden about wide-scale internet spying by US intelligence agencies.
"Reality is kicking in because the issue has hit closer to home," Henry Shek, the partner for management consulting at KPMG China, said of recent discussions with an undisclosed number of clients.
Netherlands-based KPMG is one of the world's largest professional-services firms.
Snowden had earlier told the South China Morning Post that the National Security Agency had been hacking computers in Hong Kong and the mainland since 2009. The targets include the Hong Kong Internet Exchange at the Chinese University, public officials, students and businesses in the city.
Other reports also revealed that thousands of technology, finance and manufacturing companies were working with US intelligence agencies, providing sensitive information and in return receiving benefits that included access to classified data.
"The lack of focus on cybersecurity risks [by large enterprises in Hong Kong] has meant that over the years, investment in information-technology security systems has not been a high priority," Shek said.
"Cyber-security is now firmly a boardroom agenda."
He added that companies "want tools that will help show more transparency" to identify and resolve threats.
Michael Gazeley, managing director at Hong Kong-based security-services provider Network Box, added: "There are major companies in Hong Kong which probably spend more money on Christmas decorations each year than they spend on cybersecurity."
Companies are expected to pay more attention to "technologies and services that will help them authenticate, encrypt and secure e-mail, as well as other data", Gazeley said.
Apparently, the last time there was a collective rush by many large companies in the city to upgrade their online security infrastructure was in 2011. "This investment spree lasted about six months," a person familiar with the matter said.
It was spurred by the wave of cyberattacks that crashed the regulatory disclosure website of Hong Kong Exchanges and Clearing (HKEx) in August that year. These so-called distributed denial-of-service attacks had jammed the site, preventing access to users as its capacity was overwhelmed and unable to handle online traffic.
That forced the suspension in trading of seven companies with a combined market value of HK$1.5 trillion. These included HSBC, Cathay Pacific Airways and HKEx itself.
Trading was also halted on a debt security as well as on 419 warrants and derivatives linked to the suspended stocks.
Secretary for Security Lai Tung-kwok said last week that the government would not disclose any details of the steps it had taken or would take to improve the city's cybersecurity.