(Hong Kong, 28 September 2021) The Hong Kong Productivity Council (HKPC) released the results of the “HKT Hong Kong Enterprise Cyber Security Readiness Index 2021”, which reports an Overall Index at 49.6 (maximum being 100), a slight increase of 2.7 from that of a similar survey last year (https://www.hkpc.org/en/about-us/media-centre/press-releases/2020/ssh-index2020), with that of SME rising 4.9 from 42.7 to 47.6 - indicating that Hong Kong enterprises are attaching more importance to cyber security in an increasingly digitalised business environment.
The Overall Index comprises of four areas: “Policy and Risk Assessment”, “Technology Control”, “Process Control” and “Human Awareness Building”. Apart from “Policy and Risk Assessment”, which recorded a small drop of 0.6 to 45.5, the other three all reported increases. “Technology Control” performed the best at 66.7, with its “Cyber Threat Detection” sub-index surging 25.2 to 65.7 this year. Significant improvement was also observed in the “Third Party Risk Management” sub-index of “Process Control” which went up 14.6 to 38.6.
By sector, “Financial Services” (62.9) continued to be the most vigilant at the “Managed” level, while other sectors, with scores of 42 to 52.3, remained in the “Basic” level with the highest increase in “Professional Services”.
The survey explored the opinions and deployments of the surveyed enterprises on managed security services (MSS). An all-round MSS provider aims at helping enterprises to assess, mitigate and prevent the threats of cyber attacks. It offers all levels of enterprise network security services, ranging from designing security policies and measures, conducting security tests, to integrating security solutions and providing secure broadband connectivity, to meet the demands from customer ranging from SMEs to the most demanding multinational companies.
The survey shows that surveyed enterprises believe that the benefits of using MSS perfectly meet the challenges they encountered in cyber security management. The benefits of MSS include: (1) higher flexibility; (2) relatively more affordable than investing in a complete set of innovation and technology infrastructure; and (3) being able to offer the support of cyber security experts. However, enterprises are still encountering threats of various external cyber attacks, in which phishing email (82%) and ransomware (42%) are the two most common types of such attacks.
Mr Alex Chan, General Manager, Digital Transformation of HKPC, said, “COVID-19 has expedited the digital transformation of Hong Kong enterprises and reshaped the work patterns and internet usage habits of Hong Kong people. With the prevailing trend of hybrid workplace models, online shops, online business processes and collaboration, cyber security issues become more essential to be reckoned with. Enterprises are also starting to take action to strengthen cyber security to resist known or potential cyber threats. Given the shortage of cyber security professionals, technical cyber security measures such as adopting MSS can undoubtedly provide enterprises with fast, reliable and flexible technical support.”
He added, “Nevertheless, enterprises still need to strengthen non-technical cyber security measures and raise the cyber security awareness of employees, thus establishing an effective line of defence to thoroughly defend against cyber attacks. Enterprises should provide regular training for employees to learn about the latest trends in cyber security incidents, study from them, and stay vigilant. Nowadays, with digital development booming, phishing websites are rampant. Enterprises must remind their employees to properly manage emails, especially to delete suspicious emails promptly, and teach them how to verify the authenticity of extortion emails. In addition to training, enterprises should also conduct regular cyber security incident drills to test whether employees are adequately prepared to deal with common cyber attacks, so as to enhance their awareness of identifying and reporting suspicious emails. To address this situation, HKPC provides corporate employees with relevant training courses, aiming to raise their vigilance towards cyber threats and awareness of identifying suspicious emails. HKPC also organises cyber security-related activities to instil the latest cyber security information into the industry, being committed to lifting the cyber security readiness index of Hong Kong enterprises to ‘Managed’ level.”
In terms of cyber security support, local enterprises can leverage the funding support from the "Technology Voucher Programme" under the Innovation and Technology Fund of the Innovation and Technology Commission of the HKSAR Government to strengthen cyber security technology and mitigate cyber security risks and the impact of cyber security incidents. They can also browse HKPC’s Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) website to conduct the “Check Your Cyber Security Readiness” online self-assessment (https://www.hkcert.org/resources/check-your-cyber-security-readiness) to obtain appropriate practical guidelines and suggestions to improve cyber security of their organisation by themselves. In addition, in terms of enhancing cyber security awareness, the industry can participate in the second “Hong Kong Cyber Security New Generation Capture the Flag Challenge 2021” jointly organised by HKPC and HKCERT (https://ctf.hkcert.org) in November, so as to enhance the cyber security knowledge and interest of the staff, and nurture relevant local talents to cope with the new challenges of cyber security.
Conducted independently by HKPC, supported by HKCERT and sponsored by internet service and MSS provider HKT, the survey assesses the readiness of Hong Kong companies in tackling today’s cyber threats. In the survey, telephone interviews with 380 enterprises covering six industry sectors were conducted in August 2021. The results of the “HKT Hong Kong Enterprise Cyber Security Readiness Index 2021” can be downloaded from https://events.hkpc.org/1061285757/hkt_hkecsr_2021.pdf.
- Ends -