Demanding financial targets at Hong Kong firms are a major factor hindering effective cybersecurity defences, Kroll says
- 48 per cent of IT security decision-makers at Hong Kong firms said overstretched financial targets were a reason for cybersecurity mistrust
- Lack of cybersecurity trust can lead to duplication of work and defending against the wrong threats, Kroll survey finds
Nearly half of Hong Kong IT security executives who took part in a poll cited overstretched financial goals at their organisations as a barrier to effective cyber defences, with cyber threats increasing in number and sophistication, according to cybersecurity consultancy Kroll.
According to the report, 48 per cent of IT security decision-makers at Hong Kong firms surveyed said that “overstretched business or financial targets” were the main reason behind mistrust at their organisations, hindering the establishment of a robust cyber defence strategy, Kroll said on Monday.
“In Hong Kong, we work very hard and we place a lot of pressure around results and targets, and that pressure could be driving the fact that some trust is lost,” James McLeary, managing director and global lead of cyber risk advisory at Kroll, told the Post in an interview last week.
McLeary said that the lack of trust runs both ways, with senior managers sceptical that their cyber teams can prevent all threats, and cyber defence teams losing trust in senior management due to the pressure that they are under and not being given sufficient time to focus on strategic goals.
Globally, 42 per cent of cybersecurity executives cited aggressive business targets as the main reason for loss of trust, lower than in Hong Kong. A lack of communication and limited technical capabilities were among the main challenges felt by global IT security leaders, according to Kroll, which surveyed 1,000 senior IT security decision-makers across global markets.
The consultancy also found that senior cybersecurity decision-makers in Asia-Pacific were less trusting, with only 30 per cent saying that they “completely” trust their organisation is protected and can successfully defend against most, or all, cyberattacks, lower than the 37 per cent reported globally.
The lack of trust on cybersecurity is seen in senior management around the world, according to Kroll, which found that 95 per cent of cybersecurity decision-makers globally do not feel as though senior leadership trusts their security teams to protect their organisations from threats.
This could result in significant costs, including duplication of work and defending against the wrong threats, the two leading concerns in Hong Kong according to the survey, the consultancy said.
To ensure adequate cyber defences, organisations should “consider cyber insurance as a risk transfer mechanism”, Lester Lim, associate managing director at Kroll, told the Post. The firm found that only 23 per cent of those surveyed currently have specific cybersecurity insurance coverage.
Cyber threats are continually evolving in terms of attack methods and approaches, Kroll said in a report published in May. In the first quarter, cyberattacks on professional services firms increased 57 per cent over the fourth quarter last year, driven primarily by ransomware, the firm said.
Ransomware threatens to publish a victim’s personal data, or permanently block access to it, unless a ransom is paid.
