Hong Kong firms playing dangerous game by taking cybersecurity lightly, experts warn
A top international law firm has warned businesses in Hong Kong and across Asia to increase their cybersecurity awareness and put policies in place to pre-empt cyber crime.
At a press briefing on Tuesday, representatives from DLA Piper said that companies in Asia are lagging far behind other regions.
"As a region, Asia Pacific is twice as likely to be targeted," said Scott Thiel, a partner at the firm's intellectual property and technology practice.
"The value of data as an asset, and the financial and reputational risks associated with cyber attacks mean that businesses need to protect themselves better."
This week, hackers threatened to leak the entire customer database of Canadian dating website Ashley Madison. The site has courted controversy for promoting extra-marital liaisons and claims to have thousands of customers in Hong Kong.
DLA Piper warned that data breaches can lead to regulatory fines and legal action, and have huge consequences.
"It can lower the company's value, damage reputation and ultimately, destroy the business,” said Anita Lam, a solicitor advocate who specialises in employment practice.
Lam said the majority of data breaches involve an employee who either helps attackers unintentionally by practising poor email or data security, or who deliberately leaks information due to harbouring some grievance.
"A top-down approach is needed," she said, adding that senior management, including board members, need to make cybersecurity more of a priority.
Last week, a leading US security expert said that businesses and industry groups in Hong Kong should follow the lead of the financial sector in forming a united front against cyber criminals, sharing information on attacks and tactics for better security.
"[Institutions] are recognising that if they don't share info they won't be as nimble in defence," said Mark Clancy, chief executive of cybersecurity firm Soltra.
Lam said companies that do not disclose breaches could be at risk of liability from the Hong Kong data commissioner or their customers.
"If you don't notify, you could be left with a bigger problem afterwards," she said.
Spending on cybersecurity in Asia Pacific is expected to hit US$32.95 billion by 2019, according to a recent report.