China, Hong Kong firms face highest level of cybersecurity risk, says PwC
Chinese companies have seen a more than 900 per cent increase in cybersecurity incidents since 2014, following the country’s rapid adoption of connected devices and a dip in regional cybersecurity budgets, according to a survey by PricewaterhouseCoopers.
In 2014, only 241 security incidents were reported, compared to 2,577 so far this year, equal to a 969 per cent increase, according to PwC’s Global State of Information Security survey.
“The level of espionage or activity relating to cybersecurity incidents, such as data leakage or data theft is a lot higher [in China and Hong Kong] than any other countries,” said Kenneth Wong, PwC China and Hong Kong team leader for cybersecurity and privacy.
The rise in the number of incidents is due to the “huge rate of adoption” of Internet of Things (IoT) devices in the region, such as wearables, webcams and home automation systems, many of which are often not equipped with adequate cybersecurity measures and are easy to hack, said Marin Ivezic, partner for risk assurance, cybersecurity and privacy at PwC.
These devices can then be turned into “zombies” that launch cyberattacks on other devices and companies.
Despite the increase in incidents, total cybersecurity budgets for the Chinese companies surveyed in 2016 had dropped 7.6 per cent from the previous year to a combined US$7.3 million.
The dip in overall cybersecurity budget for Chinese companies could be a “reflection of the overall economy”, said Ivezic. China’s economy has slowed down due to growing debt and an overcapacity in its factories, while Hong Kong has also been negatively hit by the slowdown on the mainland.
The survey also found that companies view insiders to be the most likely source of cybersecurity incidents, accounting for 44 per cent of the incidents, especially as hackers become more sophisticated and tactics such as phishing attacks are increasingly targeted at companies.
Furthermore, the growing “bring your own device” (BYOD) trend also plays a part in the increasing number of cybersecurity incidents in China and Hong Kong, as millennials in the workforce today favour doing work on their own laptops or mobile phones in the office, Ivezic said.
On such private devices, companies are unable to implement the usual security measures deployed on company hardware, leaving sensitive or confidential material easily accessible on their device.
Over 440 executives from companies in China and Hong Kong were surveyed in the global survey spanning over 130 countries.
Ivezic called for IoT manufacturers to produce devices with better cybersecurity protection, instead of devices that have user names and passwords hard-coded into the device.
He also added that companies in China and Hong Kong need to educate their employees to better protect themselves against targeted malicious attacks, such as phishing emails, which compromise business email and could lead to account takeover attacks.