The “HKT Hong Kong Enterprise Cyber Security Readiness Index 2021”, published by the Hong Kong Productivity Council, reported the city’s overall index at 49.6 (maximum being 100), a slight increase of 2.7 from that of a similar survey last year.
The report noted that increased digitalization is bringing with it an improved perception of the importance of cyber security measures.
The Overall Index comprises four areas: “Policy and Risk Assessment”, “Technology Control”, “Process Control” and “Human Awareness Building”. Apart from “Policy and Risk Assessment”, which recorded a small drop of 0.6 to 45.5, the other three all reported increases.
“Technology Control” performed the best at 66.7, with its “Cyber Threat Detection” sub-index surging 25.2 to 65.7 this year. Significant improvement was also observed in the “Third Party Risk Management” sub-index of “Process Control” which went up 14.6 to 38.6.
By sector, “Financial Services” (62.9) continued to be the most vigilant at the “Managed” level, while other sectors, with scores of 42 to 52.3, remained in the “Basic” level with the highest increase in “Professional Services”.
Managed Security Services
The survey explored the opinions and deployments of surveyed enterprises on managed security services (MSS) with 87% of those already using MSS planning to maintain their budgets in the next 12 months.
The 13% that committed to increasing MSS budgets are doing so alongside digital transformation and an increased remote/hybrid workforce, and in response to increasing security threats.
The report noted that enterprises are still encountering various external cyberattacks, of which phishing emails (82%) and ransomware (41%) are the two most common types.
HKPC general manager of digital transformation Alex Chan warns that COVID-19 has expedited the digital transformation of Hong Kong enterprises and reshaped the work patterns and internet usage habits of Hong Kong people.
“With the prevailing trend of hybrid workplace models, online shops, online business processes and collaboration, cyber security issues become more essential to be reckoned with. Enterprises are also starting to take action to strengthen cyber security to resist known or potential cyber threats.
“Given the shortage of cyber security professionals, technical cyber security measures such as adopting MSS can undoubtedly provide enterprises with fast, reliable and flexible technical support,” he continued.
Need for awareness, drills and training
Chan opined that enterprises still need to strengthen non-technical cyber security measures and raise the cyber security awareness of employees.
Enterprises should provide regular training for employees to learn about the latest trends in cyber security incidents, study from them, and stay vigilant. He commented that with digital development booming, phishing websites are rampant.
Enterprises must remind their employees to properly manage emails, especially to delete suspicious emails promptly, and teach them how to verify the authenticity of extortion emails.
Enterprises should also conduct regular cyber security incident drills to test whether employees are adequately prepared to deal with common cyberattacks. Such efforts will enhance awareness of identifying and reporting suspicious emails.