Hong Kong police received over 440,000 leads on cyberattacks against city in 2024

Hong Kong police received more than 440,000 pieces of intelligence on cyberthreats targeting the city last year, while 5 per cent of publicly accessible technology assets owned by critical infrastructure operators were vulnerable to online attacks, a first-of-its kind review has found.

In a report released on Monday, police said they assessed 90,000 pieces of technology assets, including digital resources such as IP addresses and online domains, and found 4,500 tested items had system loopholes.

“If these loopholes are not discovered and fixed, when cyberattacks happen, they will definitely affect important services in Hong Kong or even affect residents’ usage,” Raymond Lam Cheuk-ho, chief superintendent of the cybersecurity and technology crime bureau, warned.

Hong Kong passed a law in March mandating that an undisclosed list of private operators in eight sectors deemed as critical infrastructure for the normal functioning of society must conduct regular security checks on their computer systems.

The industries were the energy, information technology, banking, communications, maritime and healthcare services, and land and air transport sectors.

Under the law, firms can be fined up to HK$5 million (US$637,685) for failing to keep their systems up to date. Regulated firms must also notify authorities within 12 hours of a cybersecurity breach.