China’s cybersecurity has improved but risk of financial malware still high, report says

China’s cyberspace security level improved overall after Beijing introduced its cybersecurity law but it is still one of the countries most targeted by hackers using financial malware, according to a new report.

In a study of cybersecurity in 76 countries by tech research organisation Comparitech, China received a score of 29 this year. The metric reflects the chances of an attack, including from malware and cryptominers, based on the percentage of users attacked during the third quarter of 2019. The lower the score, the less risky the situation. Last year, China scored 41.

However, in the Comparitech report the world’s second-largest economy also ranked fifth in terms of financial malware attacks, behind Belarus, Uzbekistan, South Korea and Tajikistan, according to the report released on Tuesday. The ranking was based on the percentage of attacks in the third quarter of 2019, when 1.2 per cent of Chinese netizens were under attack, compared with 2.9 per cent in Belarus.

“The high penetration of digital payments in China makes local consumers an attractive target for criminals looking to deploy financial malware,” said Ben Wootliff, head of the Asia cybersecurity practice at risk consultancy Control Risks, who added that it may not be considered that high in proportion to the country’s relatively high level of digital payments usage.

Wootliff said Beijing’s cybersecurity law “is one of the key reasons why cybersecurity in China has improved over the past year or so”, but the big challenge is “about how to comply with a demanding set of regulations and what to do if you fall afoul of them.”

Beijing adopted a tough cybersecurity law in 2017, with dozens of departmental rules introduced in the following years. But instead of enhancing security, the regulations have faced growing concerns over individual and institutional privacy as Beijing strengthens its power as an internet regulator.