Inquiries about tightening cybersecurity from local companies have "surged" since the Edward Snowden incident, consultants said yesterday at the region's first international conference on cybercrime and computer forensics.
"Companies don't want to take the risk that they may be the 75 per cent," said Peter Tai from Enterprise Risk Services at Deloitte Touche Tohmatsu, referring to the claim by leaker Snowden that more than 75 per cent of the city's computers had been hacked by the US National Security Agency since 2009.
"Snowden basically alerted most Hong Kong businesses … but most companies haven't done anything yet," said Peter Koo, a Deloitte China partner who leads the company's security, privacy and resilience practice.
Koo said the obstacles facing most companies were a lack of executive support, budget and resources, as well as the everincreasing sophistication of threats and emerging technology. He said cybersecurity awareness was still relatively low in Hong Kong and that many companies and government agencies still had no satisfactory regulations in place.
Ramesh Moosa of PricewaterhouseCoopers said it took companies around the world an average of 243 days to realise they had been victims of cyberattacks. Two-thirds found out only when told by third parties, such as law enforcement agencies.
Moosa said enterprises should change their approach to cybersecurity to crisis management, requiring cross-departmental co-operation, instead of focusing only on prevention and seeing it as just the IT department's domain.
At the conference, the Hong Kong Monetary Authority said it aimed to release standards and guidelines for near-field communication (NFC) in November as the use of phones to make payments was expected to gain popularity among people with smartphones supporting a tap-and-pay function.
It is in discussions with about 20 banks, cybersecurity professionals and universities on a new regulatory framework to govern the mobile payment method to plug possible legal and security loopholes.
A bill is expected to be tabled in the Legislative Council in the second half of next year.