Cybersecurity queries surge in wake of Snowden claim

Inquiries about tightening cybersecurity from local companies have "surged" since the Edward Snowden incident, consultants said yesterday at the region's first international conference on cybercrime and computer forensics.

"Companies don't want to take the risk that they may be the 75 per cent," said Peter Tai from Enterprise Risk Services at Deloitte Touche Tohmatsu, referring to the claim by leaker Snowden that more than 75 per cent of the city's computers had been hacked by the US National Security Agency since 2009.

"Snowden basically alerted most Hong Kong businesses … but most companies haven't done anything yet," said Peter Koo, a Deloitte China partner who leads the company's security, privacy and resilience practice.

Koo said the obstacles facing most companies were a lack of executive support, budget and resources, as well as the everincreasing sophistication of threats and emerging technology. He said cybersecurity awareness was still relatively low in Hong Kong and that many companies and government agencies still had no satisfactory regulations in place.

Ramesh Moosa of PricewaterhouseCoopers said it took companies around the world an average of 243 days to realise they had been victims of cyberattacks. Two-thirds found out only when told by third parties, such as law enforcement agencies.

Moosa said enterprises should change their approach to cybersecurity to crisis management, requiring cross-departmental co-operation, instead of focusing only on prevention and seeing it as just the IT department's domain.