HK’s cyber security readiness improves, but remains at 'basic' level

The City's cyber security readiness went up by 5.8 points. 

Hong Kong’s cyber security readiness index has grown by 5.8 points to 52.8 compared with last year, however, it remains at the ‘basic’ level, according to a government survey.

This indicates that there is still "significant" room for improvement for enterprises. 

Hong Kong recorded a score of 70.9 points in Process Control, 57.3 in Technology Control, 52.1 in Policy and Risk Assessment, and 30.9 in Human Awareness Building. 

"The survey found that only one-third (35%) of the surveyed enterprises had provided cyber security awareness training for their employees, and only one-fourth (24%) had conducted drills to enhance employees’ cyber security awareness, indicating that enterprises need to bolster efforts in these two areas," the Hong Kong Productivity Council and the Office of the Privacy Comissioner for Personal Data, Hong Kong, noted in a joint statement.

The survey also found that both small and medium Enterprises (SMEs) (48.4 points) and corporates (73.1 points) have recorded increases of  4.8 points and 10.6 points respectively, with corporate reaching an all-time high.

Across business sectors, the financial services sector (68.3 points) remained at the ‘managed’ level. Although there is an increase for the Retail and Tourism-related sector (+12.0 points) and the professional services sector (+2.5 points), they are still below the 50-point threshold.

Furthermore, 69% had experienced at least one type of cyberattack in the past 12 months, a decrease of four percentage points from last year. This is mainly due to the reduction in the percentage of SMEs experiencing cybersecurity attacks

Nonetheless, 71% of corporates still experience cyberattacks with phishing as the most common type of cyberattack (98%).

October 2024 reached 10,020, surpassing the total number of incidents in 2023. The Hong Kong Computer Emergency Response Team Coordination Centre received reports of 35,379 phishing websites, an increase of 127% compared to 2023.

To help SMEs secure data, the Hong Kong Productivity Council and Privacy Commissioner for Personal Data will jointly roll out the Data Security Training Series in 2025.

The series will cover topics including lessons from data breach cases in recent years, recommended data security measures, and how to prevent and handle a data breach incident.