Skip to main content

"SSH Hong Kong Enterprise Cyber Security Readiness Index Survey" Down 2.4 Points to 46.9 Staying Vigilant for Cyber Threats in Stormy Times

Release Date: 13 May 2020 1864 Views

(Hong Kong, 12 May 2020) The Hong Kong Productivity Council (HKPC) released the latest results of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey”, which reports an Overall Index at 46.9 (maximum being 100), a slight decrease of 2.4 from the survey last year - indicating that Hong Kong companies may have lowered their guard on cyber defence readiness marginally from last year due to the need to prioritise their resources in combating current business downturn.

 

Overall index - For Large enterprise in year 2018 index is 58.3, in year 2019 index is 67.3, in year 2020 score is 65.1. For SMEs in year 2018 index is 43.4, in year 2019 index is 45.6, in year 2020 index is 42.7. Overall in year 2018 index is 45.6, in year 2019 index is 49.3, in year 2020 index is 46.9. Definition of level: index 0 to 20 is unaware, index 20 to 40 is Ad-Hoc, index 40 to 60 is Basic, index 60 - 08 is Managed, index 80 - 100 is Anticipated

 

The Overall Index comprises of four areas: “security risk assessment”, “technology control”, “process control” and “human awareness building”. All their sub-indices fell this year. “Technology control” remained on the top for the second year scoring 60.1, while “human awareness building” sank further to 26.9. In terms of industry sectors, Financial Services (62.9) continued to be the most vigilant at “Managed” level while other industries, with scores of 40.9 to 51.9, were at “Basic” level.

 

By business category: Financial Services's index is 62.9, level is Managed and YoY change is -3.1. NGOs, Schools and Others's index is 51.9, level is Basic, YoY change is +0.1. Information and Communication Technology's index is 50.2, level is Basic and YoY change is -5.6. Manufacturing, trading and logistic's index is 45.7, level is Basic and YoY change -0.1. Professional Services's index is 42.9, level is Basic and YoY change is -5.1. Retail and Tourism related's index is 40.9, level is Basic and YoY change is -3.1. SSH-HKECRI (all business categories)'s index is 46.9, level is Basic and YoY change is -2.4

 

The survey also found that 56% of the respondents have encountered external cyber attacks in the last 12 months, compared to 41% in the 2019 survey. Phishing email (83%), ransomware (41%) and CEO scam (26%) were the top three types of attacks. HKPC noted that most of them were financially motivated with cyber criminals seeking to maximise their illicit returns.

 

Top 5 External Attacks: 1. Phishing email is 83.6% (+6%), rank remains unchanged. Ransomware is 41% (-1%), rank remains unchanged. CEO Scam is 26% (+8%), rank is +1. Other malware attack including Botnet is 22% (no rise or drop), rank is -1. DDoS is 20% (+6%), rank remains unchanged.

 

The respondents were also surveyed on the management of “Privileged Access”, a practice to allow internal staff or external partners to navigate an organisation’s IT systems or networks, and perform critical IT functions. With the growing importance of privileged accounts, only more than two-fifth of them (43%) would pledge to invest more time and budget respectively on managing privileged credentials, while one-third had actually employed two-factor or multi-factor authentication on privileged access. In addition, 30% of respondents planned to strengthen cyber security in the coming 12 months, with “endpoint security”, “system and network security solution” and “cloud security solution” their top 3 areas of investment.

 

Top 5 investment area. T-End point security: in year 2020, it is 67% and ranked 1st place, while in year 2019, its' rank is 2nd place. The change is +1. T-System and network security solution: in year 2020, it is 51% and ranked 2nd place, while in year 2019, its' rank is 1st place. The change is -1. T-Cloud security solution: in year 2020, it is 43% and ranked 3rd place, while in year 2019, its' rank is 5th. The change is +2. NT-Cyber security taining: in year 2020, it is 43% and ranked 4th place, while in year 2019, its' rank is 3rd. The change is -1. T-Credential management solution: in year 2020, it is 41% and ranked 5th place, while in year 2019, its' rank is 6th. The change is +1. T means technical measure. NT means non-technical measure.

 

Mr Edmond Lai, Chief Digital Officer of HKPC, said, “The drop in enterprises’ cyber security readiness may be a by-product of them refocusing resources to combat business downturn brought about by the global economic recession, China-US trade tensions, local social incidents and the COVID-19 pandemic. Yet, with digital transformation being an irreversible trend, any relaxation in cyber security by businesses is not affordable. Hence, apart from organising awareness building activities and issuing security advice through the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), HKPC also provides cyber security training and consultancy services in IT security to enterprises, ensuring they are healthy enough in the cyber world to withstand challenges from the real one.”   

 

Hong Kong enterprises can leverage on various resources from the HKSAR Government and other organisations to strength cyber security. For example, they can apply funding support from the Distance Business Programme or Technology Voucher Programme over the deployment of advanced security solutions in the market such as automated suspicious activities detection technologies or credential-less privilege access management software. Also, they can join the government’s Cybersec Infohub to exchange information with industry peers to build up collaborative defence. In addition, companies can take the initiative themselves by downloading from HKCERT website (www.hkcert.org) free of charge specially-compiled DIY security guidelines such as “Seven Habits of Cyber Security for SMEs”, “IoT Security Best Practice Guidelines” and “Understanding and Tackling Supply Chain Attacks”, etc.

 

Conducted independently by HKPC, supported by HKCERT and sponsored by enterprise cyber security solutions provider SSH Communications Security, the survey assesses the readiness of Hong Kong companies in tackling today’s cyber threats. In the latest survey, telephone interviews with 315 enterprises from six industry sectors were conducted in March 2020. The full report of the “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey 2020” can be downloaded from http://u.hkpc.org/ssh2020.

 

- End –

 

Caption

Mr Edmond Lai, Chief Digital Officer of HKPC (left); and Mr Ricky Ho, Vice President, APAC of SSH Communications Security, present the results of “SSH Hong Kong Enterprise Cyber Security Readiness Index Survey 2020”, which reports an Overall Index at 46.9 (maximum being 100), a slight decrease of 2.4 from the survey last year. In addition, “endpoint security”, “system and network security solution” and “cloud security solution” are the respondents’ top 3 areas of investment on strengthening cyber security in the coming 12 months.