Cyberattacks could cost Hong Kong massive US$32 billion annually, according to study

The potential economic losses in Hong Kong because of cybersecurity attacks could hit a whopping US$32 billion (HKS249.6 billion) annually – or about 10 per cent of the city’s gross domestic product – within the next few years, according to a study.

In such attacks, large organisations in the city with more than 500 employees were likely to suffer an average loss of US$24.9 million – 650 times more than that experienced by mid-sized firms with 250 to 499 workers, the study estimated.

The huge potential costs include ransom money and stock price changes as well as indirect setbacks such as reputational damage.

“Hong Kong is in line with other developed markets in terms of cyber resilience,” Microsoft Asia’s chief cybersecurity officer Michael Montoya said at an event at Hong Kong’s Cyberport on Thursday.

“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers, they take on new risks.”

The study, commissioned by Microsoft and carried out by consultancy Frost & Sullivan, surveyed 1,300 business and IT executives in the Asia-Pacific region.

About 23 per cent of the firms polled in Hong Kong had experienced cybersecurity incidents, while another 25 per cent said they were unsure as they had not done proper data breach assessments. The other 52 per cent said they regularly checked security to make sure no breaches occurred.

Malware attacks hit record high in 2017, and it’s going to get worse

A total of US$1.745 trillion would be threatened if organisations experienced cybersecurity incidents in the region, accounting for 7 per cent of its combined GDP, the study said.

With the boundaries between IT and traditional companies disappearing, attackers now had new targets to hack, Montoya said.

Last year, there were a record 6,506 cybersecurity complaints locally, up 7 per cent on 2016, owing to a spike in malware attacks, according to the Hong Kong Computer Emergency Response Team (HKCERT), the city’s information security watchdog.

“We expect internet of things attacks to rise as manufacturers upgrade their machines and connect different devices,” HKCERT centre manager Leung Siu-cheong said.

“Mobile payment apps will be attackers’ new targets as Hongkongers embrace the technology.”

Highlighting the price of cyberattacks, international shipping company FedEx said a computer virus called NotPetya that targeted tax software cost it US$300 million last year.

The direct economic loss resulting from cyberattacks is just the tip of an iceberg, said Kenny Yeo, who focuses on cybersecurity at Frost & Sullivan.

How ransomware became the biggest thing in cybercrime

“Indirect loss such as reputation damage ... can be much bigger than financial write-downs,” he explained.

Companies in Hong Kong could either outsource their cybersecurity work or build their own team, Yeo added. “A major retailer in Singapore chose to outsource it and to focus on the company’s core business.”

Montoya said corporations in Hong Kong could move to cloud computing to lower the risks of being hacked as major providers of such services offer built-in features to fight cyberattacks.