Hong Kong faces second-highest risk of cybersecurity breaches in Asia, report finds
Hong Kong faces the second-highest risk of cybersecurity attacks in Asia despite having the most number of firms that increased spending on IT security, according to a new report.
Telecommunications company Telstra’s Cybersecurity Report 2017 found that 14.7 per cent of Hong Kong firms have been hit with cyber attacks in the last year. Hong Kong was narrowly behind India, which clocked in at 14.8 per cent.
In contrast, only 7.3 per cent of Singapore firms suffered from security incidents, the report found. The survey was based on 360 responses from C-suite executives and IT security managers at companies across Asia and Australia.
Hong Kong was also found to be among the most willing regions to invest in IT security spending, with over 89 per cent of Hong Kong respondents stating that their companies have increased spending by over 5 per cent. Only about 80 per cent of Singaporean firms and approximately 73 per cent of Australian firms increased spending by such a level, the report showed.
Other findings in the report were that the biggest cyber threats to Hong Kong companies are human-related, including human error, negligence and human security risks. Such risks include identity theft, phishing and ransomware.
“History has shown us that some of the most damaging attacks can come from inside your own workforce,” said Neil Campbell, Telstra’s director of security solutions. “You do have to protect humans from themselves.”
“At some point a human may fail to do the right thing, either by accident or on purpose, and it is [the company’s] role to put [measures in place] to protect them and protect the company against those moments,” he added.
Only 42.2 per cent of security incidents in Hong Kong were found to be due to technological threats such as viruses, malware or Distributed Denial of Service (DDoS) attacks.
There has also been a shift in perception in terms of cybersecurity responsibility, the report showed. Over 65.4 per cent respondents attributed responsibility to C-level executives, compared to about 35 per cent last year.
In 2015, over 83 per cent of respondents had indicated that cybersecurity was the responsibility of the companies’ IT departments.
“Security isn’t something that you give to a department; security is a mindset and an ongoing process that has to be built into the company’s culture by the executives,” Campbell said.
The large shift in opinion is a recognition of the “highly-visible C-level consequences” when it comes to the failure in taking security into account, he added.