“SSH Hong Kong Enterprise Cyber Security Readiness Index Survey” Down 2.4 Points to 46.9 - Staying Vigilant for Cyber Threats in Stormy Times
(Hong Kong, 12 May 2020) The Hong Kong Productivity Council (HKPC) released the latest results of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey”, which reports an Overall Index at 46.9 (maximum being 100), a slight decrease of 2.4 from the survey last year - indicating that Hong Kong companies may have lowered their guard on cyber defence readiness marginally from last year due to the need to prioritise their resources in combating current business downturn.
The Overall Index comprises of four areas: “security risk assessment”, “technology control”, “process control” and “human awareness building”. All their sub-indices fell this year. “Technology control” remained on the top for the second year scoring 60.1, while “human awareness building” sank further to 26.9. In terms of industry sectors, Financial Services (62.9) continued to be the most vigilant at “Managed” level while other industries, with scores of 40.9 to 51.9, were at “Basic” level.
The survey also found that 56% of the respondents have encountered external cyber attacks in the last 12 months, compared to 41% in the 2019 survey. Phishing email (83%), ransomware (41%) and CEO scam (26%) were the top three types of attacks. HKPC noted that most of them were financially motivated with cyber criminals seeking to maximise their illicit returns.
The respondents were also surveyed on the management of “Privileged Access”, a practice to allow internal staff or external partners to navigate an organisation’s IT systems or networks, and perform critical IT functions. With the growing importance of privileged accounts, only more than two-fifth of them (43%) would pledge to invest more time and budget respectively on managing privileged credentials, while one-third had actually employed two-factor or multi-factor authentication on privileged access. In addition, 30% of respondents planned to strengthen cyber security in the coming 12 months, with “endpoint security”, “system and network security solution” and “cloud security solution” their top 3 areas of investment.
Mr Edmond Lai, Chief Digital Officer of HKPC, said, “The drop in enterprises’ cyber security readiness may be a by-product of them refocusing resources to combat business downturn brought about by the global economic recession, China-US trade tensions, local social incidents and the COVID-19 pandemic. Yet, with digital transformation being an irreversible trend, any relaxation in cyber security by businesses is not affordable. Hence, apart from organising awareness building activities and issuing security advice through the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), HKPC also provides cyber security training and consultancy services in IT security to enterprises, ensuring they are healthy enough in the cyber world to withstand challenges from the real one.”
Hong Kong enterprises can leverage on various resources from the HKSAR Government and other organisations to strength cyber security. For example, they can apply funding support from the Distance Business Programme or Technology Voucher Programme over the deployment of advanced security solutions in the market such as automated suspicious activities detection technologies or credential-less privilege access management software. Also, they can join the government’s Cybersec Infohub to exchange information with industry peers to build up collaborative defence. In addition, companies can take the initiative themselves by downloading from HKCERT website (www.hkcert.org) free of charge specially-compiled DIY security guidelines such as “Seven Habits of Cyber Security for SMEs”, “IoT Security Best Practice Guidelines” and “Understanding and Tackling Supply Chain Attacks”, etc.
Conducted independently by HKPC, supported by HKCERT and sponsored by enterprise cyber security solutions provider SSH Communications Security, the survey assesses the readiness of Hong Kong companies in tackling today’s cyber threats. In the latest survey, telephone interviews with 315 enterprises from six industry sectors were conducted in March 2020. The full report of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey 2020” can be downloaded from http://u.hkpc.org/ssh2020.
- End -