Security Blog

The "SSH Hong Kong Enterprise Cyber Security Readiness Index" Survey

Release Date: 30 / 05 / 2018
Last Update: 30 / 05 / 2018

The Hong Kong Productivity Council Research Team (HKPC) and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) developed the Hong Kong Enterprise Cyber Security Readiness Index to assess the readiness of Hong Kong companies in tackling today’s cyber threats. The Index comprises four areas, including the comprehensiveness of ‘security risk assessment’, ‘technology controls’, ‘process controls’ and ‘human awareness’ of the enterprise.


In March 2018, the first survey applying the index was conducted independently by HKPC, sponsored by SSH Communications Security, and supported by the HKCERT. In this survey, telephone interviews with 350 enterprises from six industry sectors were conducted.


Here are the key findings of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey 2018”.

  1. The Index indicated that the overall level of security maturity among Hong Kong Enterprises is “Basic”  The Hong Kong Enterprise Cyber Security Readiness Index was 45.6 (the range is 1 to 100) indicating that while Hong Kong companies apprehend the need to ensure business continuity in case of cyber attacks and have applied consistent IT security measures, there still existed room for improvement in security management and proactiveness to combat new cyber threats.
  2. In terms of industry sectors, Financial Services (60.5) was the most vigilant while Retail/Tourism-related (41.9) and Manufacturing/Trading/Logistics (41.3) came bottom of the list.
  3. In terms of company size, Large Enterprises were ranked higher than SMEs. Large Enterprises reached the high end of “Basic” level while SMEs were at the lower end of “Basic” level.
  4. 26% of the respondents had encountered external cyber attacks in the past 12 months, with ransomware (52%), phishing email (49%) and CEO scam (35%) being the top three types of attacks they experienced.
  5. On the use of credential management to secure their operation, over 60% felt that a lack of responsive management and fine-grain control have made credential management less effective.
  6. 43% of the respondents plan to enhance cyber security in the coming 12 months, with system and network security solution, end point security, cyber security training, threat detection technology and cyber threat intelligence the top five areas of their investment.

The full report of the “SSH Hong Kong Enterprise Cyber Security Index Survey 2018” can be downloaded here.