請更新您的瀏覽器

您使用的瀏覽器版本較舊,已不再受支援。建議您更新瀏覽器版本,以獲得最佳使用體驗。

Eng

Hong Kong’s smaller companies are not ready to face cybersecurity threats, warns Chubb Insurance

South China Morning Post

發布於 2019年10月14日13:10 • Holly Chik holly.chik@scmp.com
  • More than 75 per cent of Hong Kong small- and medium-sized firms fell victim to cyberattacks last year, according to the insurer
  • A third of them reviewed their security protection but took no action to prevent another attack, says Chubb in a report
FILE Photo: Reuters
FILE Photo: Reuters

Hong Kong's small- and medium-sized enterprises are not ready to face cybersecurity threats, and only a third of them are insured against an attack, according to Chubb Insurance.

About three quarters of local SMEs, or about 258,000, fell victim to cyberattacks in the 12 months to July, according to the cyber insurer's latest report on the preparedness of companies with less than 250 employees.

However, more than 45 per cent of them said they have never been covered by insurance, the report shows.

"Despite the increased frequency of cyber incidents, about a third of SMEs reviewed their security protection but took no future action after a cyber incident," said Chubb in the report. "Only 11 per cent made any attempt to recover breached data files."

Stanley Wong, president of Chubb in Hong Kong, Taiwan and Macau, said smaller firms are just as much at risk as big conglomerates.

"The number of businesses covered by cyber insurance is worryingly low," said Wong.

Hong Kong companies and residents lost more than HK$2 billion (US$256.4 million) to cybercriminals in the first nine months of last year, while businesses sustained more than 9,000 cyberattacks, according to the most recent data from the security watchdog Hong Kong Computer Emergency Response Team.

Nearly half of the 300 surveyed SME leaders said their employees did not recognise the severity of cyber risks to the business.

"They acknowledged their employees don't know the responsibilities, and employees with access to sensitive data don't know their rights," said Andrew Taylor, cyber underwriting manager at Chubb in Asia-Pacific. "They are not aware of cyber risks."

Will China's revised cybersecurity law put foreign firms at risk of losing their secrets?

Last year, nearly 30 per cent of cyber incidents experienced by SMEs took the form of data loss through system malfunctions and technical faults, while 24 per cent were caused by human error.

"People are not complying with governance programme procedures, not having strong passwords, sending files to insecure websites, sharing data or files outside of corporate policy," said Taylor.

"By not having the right resilience in place, it does leave them exposed. The ignorance there is the risk they're carrying."

Taylor said SMEs which outsource their IT departments tend not to know where and how to seek help when they are attacked.

The report cited a ransomware attack that cost a construction company HK$2.6 million " about a 10th of its annual turnover " in which an employee clicked a malicious email link that led to the company's data being encrypted and held to ransom.

"How many small businesses can afford to give away 10 per cent of their revenue because of one of these attacks?" said Taylor. "This is the kind of damage and destruction that can be caused to a company's network and data that stops their business from operating."

In Hong Kong, over 98 per cent of business units are SMEs, which altogether hire 1.3 million people, nearly half of the workforce excluding the civil service sector.

Copyright (c) 2019. South China Morning Post Publishers Ltd. All rights reserved.

0 0
reaction icon 0
reaction icon 0
reaction icon 0
reaction icon 0
reaction icon 0
reaction icon 0