The breaches in Hong Kong occurred due to weak encryption methods, with 57 per cent of attacks due to failure of encryption, and 55 per cent caused by a lack of two-factor authentication.

While Hong Kong companies understand the importance of cybersecurity and have one of the highest installation rates of end-point software such as antivirus and firewalls, they often fail to invest in more sophisticated layers of security, which ends up costing them dearly when a breach does occur.

According to the ESET survey, Hong Kong has the highest costs incurred per cybersecurity breach in the region at US$43,607, 19 per cent higher than Singapore at US$36,690 per breach.

“In [Hong Kong] SMBs, people would rather invest money in their core business than spend it on IT security to protect themselves from cybercriminals,” said Walia. “You can either spend the money beforehand to have different layers of security to prevent these breaches, or [end up paying for the breaches] not just in dollar value, but also reputation.”

But he also cautioned that investing in technology is not enough – education is imperative as human beings are most often the “weakest link” when it comes to cybersecurity.

“It is the biggest problem within organisations – the lack of education and training. While we need the technology to protect ourselves, it is equally important to educate and create awareness among employees on how data can be misused and the common tactics employed by cybercriminals on a regular basis,” Walia said

“Common mistakes are checking your company’s webmail on a public computer or not implementing security measures on company devices, like a password or fingerprint login.”