The Hong Kong Special Administrative Region has governed under a One-China, Two-systems policy since 1997. That means the great firewall of China which is enforced in the mainland is not applied in Hong Kong. It decides on its own about its internal policies when it comes to governance, including the responsibility of making sure that the Hong Kong government and its private sector are ready when it comes to cybersecurity challenges. Improvement and oversight of Hong Kong’s Cybersecurity Readiness are under the HKPC (Hong Kong Productivity Council).
The council released its latest Cyber Security Readiness Index Survey, which provides a baseline on how ready the Hong Kong’s private and public sectors when it comes to security risks. The survey result reveals that there is a slight increase in cybersecurity readiness overall, but the details reveal some questionable segments. Hong Kong Computer Emergency Response Team is responsible for filling up the details of the report, with SSH Communications Security as the private partner chosen by HKPC.
“A lack of large-scale cyber attacks last year might have led to a drop in cyber security awareness training and security alerts for staff, hence a lower human awareness among Hong Kong enterprises,” explained Leung Siu-Cheong, HKPC’s Sr. Consultant of Digital Transformation Division.
The survey is divided into four categories:
- Human Awareness
Decreased score from 38.8 in 2018 to 29.5
- Process Control
- Technology Control
Increased score from 36.9 last year to 63.4
- Security Risk Assessment
“Although enterprises are facing more and complex cyber attacks, the survey found that their security readiness remain a long way off the ideal level, especially in the area of staff awareness. To address the problem, HKPC has been proactive in its efforts to enhance the cyber security of the local industry,” added Edmond Lai, HKPC’s Chief Digital Officer.
Hong Kong tends to make decisions based on the consensus of the parties involved. However, when a crisis actually occurs, it is difficult to make such a decision within a limited time. Making a quick decision can be huge pressure on both Hong Kong’s private and public sectors. Furthermore, in a chaotic state different from normal, when it is necessary to make adjustments, difficult communication becomes more difficult even in normal time.
Lai emphasized that cybersecurity is a process and not a destination that Hong Kong should strive for. Hardening of hardware and software are not enough, but pivot to IT policies that will enforce tighter restrictions based-on the capability of each entity to maintain the best cybersecurity defense they can afford. HKPC is also studying the possibility of them focusing their time and manpower to help the tourism sector, as they are the most vulnerable according to the study. Second to the list is manufacturing, followed by trading and logistics, all of them needs improvement.
HKPC and the Hong Kong Computer Emergency Response Team are committed to doing its best to help the sectors that require priority guidance. In order for this to become possible, it requires strong support from the private sectors, businessmen and the rest of Hong Kong stakeholders.