Skip to main content

HKCERT Publishes Incident Response Guideline for SMEs to Enhance Information Security Incident Handling Competence

Release Date: 8 Aug 2022 6695 Views



(Hong Kong, 8 August 2022) Security incident reports received by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council (HKPC) have remained high in recent years, i.e. an annual average of around 8,900 incidents in the past four years and with 4,084 incidents in the first half of this year. To enhance the resilience of Hong Kong small and medium enterprises (SMEs) in dealing with unforeseen information security incidents, HKCERT has recently published the “Incident Response Guideline for SMEs” (the Guideline) providing tips and professional advice for SMEs with limited resources to maintain and upgrade the defence of their systems. The Guideline aims to help SMEs minimise the business impacts and financial losses affected by security incidents, and prevent and reduce the recurrence of similar cyber attacks.


With the Guideline, SMEs can become more familiar with the incident response life cycle, and learn to set up a security framework in the organisation, and define roles and responsibilities, etc. for SMEs to fully grasp the tasks to be performed before, during and after security incidents. Moreover, SMEs can understand the key steps in handling common incident scenarios for better identifying and responding to different types of security incidents such as distributed denial-of-service (DDoS), malware, phishing email, web defacement / intrusion, etc.



The Guideline also introduces how to formulate the standard operating procedure according to different incident scenarios, and provides the incident handling checklist, incident response procedure template, etc. Non-technical readers can easily absorb and understand how to create a proper incident response procedure in their organisations.



Mr Alex Chan, General Manager of Digital Transformation Division of HKPC and spokesman of HKCERT, said, “Cyber attacks have evolved rapidly as the costs and efforts required for hackers to launch attacks are decreasing due to automation and higher computing powers. This leads to the increase of various cyber attacks targeting different organisations. As most SMEs lack resources to build a wider scope of cyber defence to prevent or block cyber attacks, this makes them an easy target. HKCERT hopes the Guideline can act as a catalyst for local SMEs to establish a clear, low-cost and easy-to-implement incident response mechanism. It aims to help them cope with the increasingly sophisticated, complex and frequent cyber attacks due to the accelerated digital transformation amid the COVID-19 pandemic and the application of emerging technologies such as 5G communications, Internet of Things, Metaverse and artificial intelligence, and thus improving the cyber security posture of Hong Kong.”



Please click here to download the Guideline. For information security related incidents, for example, ransomware, phishing, denial of service attack, etc., please report to HKCERT through its online Incident Report Form at For other enquiries, please contact HKCERT by email: [email protected] or call its 24-hour hotline: 8105 6060.