Hong Kong enterprises have “basic” level cyber security practices, according to a study by the Hong Kong Productivity Council (HKPC). The index classified the cyber security readiness on a scale of 0-100 with the following five levels: “unaware”, “ad-hoc”, “basic”, “managed” and “anticipated”, categorized in the order of maturity. The average score stood at 45.6.
The survey, sponsored by cyber security firm SSH, gauged views of a combined 300 small businesses and 50 large firms. When grouped by size, both company types notched the same “basic level” albeit at different index scores at 43.4 and 58.3 respectively.
Results also found that more than a quarter (26%) of companies encountered external cyber security incidents over the past year.
Ransomware was the most common form of attack, with over half of firms (52%) experiencing the incidents. This was followed by phishing emails (49%), scams against CEOS (35%), other malware attacks (25%) and distributed denial of service (DDoS) attacks at 10%.
“It hardly comes as a surprise to anyone that the increasingly networked nature and growing externalization of most businesses creates a need for third parties to access to companies’ precious digital core,” said SSH Asia-Pacific vice president Ricky Ho.
“However, as indicated by this study, organizations still have a lot of room to improve, particularly in tracking who can access critical and sensitive resources and for what purpose,” Ho added.