Security Blog

"SSH Hong Kong Enterprise Cyber Security Readiness Index Survey" Up 3.7 Points to 49.3. Enterprises still needs to improve on Cyber Security Readiness

Release Date: 12 / 04 / 2019
Last Update: 15 / 04 / 2019

The Hong Kong Productivity Council (HKPC) released the latest results of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey”, which reports an Overall Index at 49.3 (maximum being 100), a slight increase of 3.7 from the inaugural survey last year - indicating that while Hong Kong companies have applied more resources to tackle cyber attacks and ensure business continuity, there are still rooms for improvement in security management, staff awareness and proactiveness in order to combat with new cyber threats.



In terms of industry sectors, Financial Services (66) was the most vigilant while Retail/Tourism-related (44) and Manufacturing/Trading/Logistics (45.8) came bottom of the list whose rankings were the same as last year.




The survey also found that 41% of the respondents encountered external cyber attacks in the past 12 months, compared to 26% in the 2018 survey. Phishing (77%), ransomware (42%) and other malware and botnet (22%) were the top three types of attacks.



The respondents were also surveyed on access management for internal and third party. Nearly two-thirds (63%) of respondents did not know how their companies manage third party “Privileged Access”. “Privileged Access” allows internal staff or external partners to freely navigate an organisation’s IT systems or networks, and perform critical IT functions. Although 31% of them owned shared accounts with “Privileged Access”, 55% were confident enough not to impose additional security measures to protect these account being over used. HKPC experts believe enterprises commonly ignored third party cyber security risks. In addition, 40% of respondents planned to strengthen cyber security in the coming 12 months with “System and network security solution”, “End point security” and “Cyber security training” being the top 3 areas of investment for the second year running.


Mr Edmond Lai, Chief Digital Officer of HKPC, said, “Although enterprises are facing more and complex cyber attacks, the survey found that their security readiness remain a long way off the ideal level, especially in the area of staff awareness. To address the problem, HKPC has been proactive in its efforts to enhance the cyber security of the local industry. Apart from holding conferences, workshops and professional training to raise the security awareness and resilience of enterprises through its Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), it also provides ‘Industry 4.0’ and ‘Enterprise 4.0’ cyber security consultancy services to help enterprise undergoing digital transformation to tackle security threats more effectively.”


Mr Lai urged enterprises to improve their cyber security through process, technology and people management. These include better management of third party’s cyber risks and formulation of policies or contract terms to regulate external partners. They must also apply appropriate security measures and impose strict access controls or even ban shared accounts with “Privileged Access”. Also, enterprises should apply advanced and automatic cyber threat detection technologies. They should share cyber threat information with industry peers and build a joint defence. In addition, cyber security awareness training should be provided to all staff with regular security drills being held to keep everyone alert.


Conducted independently by HKPC, supported by HKCERT and sponsored by enterprise cyber security solutions provider SSH Communications Security, the survey conducted telephone interviews with 350 enterprises from six industry sectors were conducted in March 2019.


The full report of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey 2019” can be downloaded from here.