Insight – Capturing Hong Kong’s cyber security opportunities

By Wilson Tang, Senior Business Development Manager, Austrade Hong Kong

As Asia’s leading financial hub, Hong Kong is highly vulnerable to malicious cyber attacks. The territory is on the hunt for solutions and services to strengthen its cyber security defences, opening up opportunities for Australia’s cyber security firms and training providers.

The number of cyber security and IT security breaches is growing year-on-year and the impact of these breaches is becoming more significant. In 2017, more than 5.68 million peoplei or 77.9 per cent of the Hong Kong population had smartphones, reinforcing just how many people are exposed to cyber security attacks on a daily basis. The potential economic losses in Hong Kong because of cyber security attacks could hit US$249.6 billion annually.ii

A large number of companies in Hong Kong are unprepared for cyber attacks. The installation rate of basic security software is high but the security level is very low and easily penetrable, often even lacking any kind of encryption or two-factor authentication.

The financial services sector is one of the four key industries in Hong Kongiii and accounted for 18 per cent of Hong Kong’s GDP in 2016.iv Due to its size and economic importance, Hong Kong’s financial services sector, including banking and insurance, are particularly vulnerable to cyber attacks.

To protect Hong Kong’s reputation as the premier financial hub in Asia, the Hong Kong Government has enacted a number of initiatives such as the Digital 21 Strategyv and the Hong Kong Monetary Authority’s Cyber Security Fortification Initiativevi, and established the Hong Kong Applied Science and Technology Research Institute’s Security Lab.vii These initiatives aim to provide investor confidence in the security standards of Hong Kong companies.

However, despite the initiatives from the Hong Kong Government and other regulatory authorities, there is still a considerable gap between the current and desired level of cyber security protection.

Given the importance Hong Kong places on its financial services sector, investment in upgrading information technology capabilities, particularly related to data analytics and cyber security solutions, is set to significantly increase. Spending on IT solutions is forecast to rise from HK$40.3 billion (approximately A$7.1 billion) in 2018 to HK$49.4 billion (approximately A$8.7 billion) in 2021 at a compound annual growth rate of 7 per cent.viii

Australia in prime position

As a leader in cyber technology and IT security, research and education, Australian companies will find plenty of opportunities to assist Hong Kong to increase its knowledge and levels of cyber security.

The key drivers of cyber security demand include public demand for better protection of personal information and data; increasing frequency and sophistication of cyber security threats; regulatory pressure; and interest in new cyber security technology applications. There are strong opportunities in the following:

  • Encryption server services: There are 959.6 encrypted servers per million citizens in Hong Kongix, which hold and process all forms of data (structured, unstructured and big data). There is a need for products and services to manage and enhance the security of these servers, given the critical data they contain.

  • Online payments/fraud prevention: An analysis conducted by Frost & Sullivan showed that almost 180,000 computers attacked in 2015 were located in Hong Kong.x The majority of the attacks were related to stealing payment details between a victim’s browser and an online banking application, creating strong demand for solutions that protect and prevent transaction interception.

  • Security Operations Centre (SOC) as a Service: A survey conducted by Quann and IDC showed that 95 per cent of Hong Kong companies are still in the early stages of embracing cyber securityxi and that it is limited to the installation of end-point software, such as antivirus and firewalls. It also showed 66 per cent do not have a dedicated team to monitor networks or security devices for suspicious traffic. Australian firms experienced in designing and developing security operations centres can assist in this area.

  • Incident response: The Quann and IDC survey also showed 44 per cent of companies do not have any incident response plans to cyber attacks in practice in Hong Kong.xii Given the high incidence of breaches, Hong Kong companies will need guidance on developing comprehensive incident response plans.

  • Anti-malware solutions: The banking sector is a significant target for malware attacks. Well-known Hong Kong banks including the Bank of China (Hong Kong) and the Bank of East Asia were the targets of Distributed Denial of Services attacks in 2015.xiii Twenty-seven hacking attacks hit 12 licensed financial firms between March 2016 and March 2017, resulting in losses of HK$110 million (US$14.2 million).xiv These incidents highlight the need for robust anti-malware solutions.

  • Protection against crypto-currency ransomware: Ransomware attacks targeting bitcoin and other crypto-currencies are increasing. The Hong Kong Productivity Council reported a 23 per cent rise in security incidents in Hong Kong in 2016, compared to 2015. Malware cases (19 per cent of the total) powered the surge. Around 5 per cent of these cases were related to ransomware attacks,xv creating demand for solutions that focus on crypto-currency.

  • Cloud security: Banks in Hong Kong are demanding more advanced levels of IT solutions to secure data on cloud systems to detect and prevent information breaches.

  • Internet of Things (IoT) security: The growing reliance on the internet and the increased adoption of IoT devices have contributed to the rise in cyber attacks. The relatively new technology and lack of security underpinning devices which use IoT make them easy targets for hackers.

  • Cyber security education: The biggest concern for Hong Kong regulatory authorities and government bodies is the lack of education and concern from people who are at risk of cyber attacks. Training and research to meet skills gaps is in major demand, an area where Australian universities and companies are well equipped to provide.

Austrade is hosting a free webinar on Hong Kong’s cyber security market, where representatives from the Hong Kong Government, private sector, and industry associations will share their views on the trends, opportunities and developments in Hong Kong’s cyber security market on 21 November 2018.

Register for the webinar or contact Wilson Tang for more information.

i  Census and Statistics Department, Hong Kong Special Administrative Region, Thematic Household Survey Report No. 64, March 2018
ii  South China Morning Post, Cyberattacks could cost Hong Kong massive US$32 billion annually, according to study, 14 June 2018
iii  Census and Statistics Department, Hong Kong Special Administrative Region, Hong Kong Monthly Digest of Statistics, May 2018
iv  Census and Statistics Department, Hong Kong Special Administrative Region, Hong Kong Monthly Digest of Statistics, April 2018
v  Office of the Government Chief Information Officer, Information and Cyber Security
vi  Hong Kong Monetary Authority, Launch of the Cybersecurity Fortification Initiative by the HKMA at Cyber Security Summit 2016, press release, 18 May 2016
vii  Hong Kong Applied Science and Technology Research Institute (ASTRI)
viii  BMI Research, Hong Kong Information Technology Report Q1 2018
ix  BMI Research, Hong Kong Crime and Security Risk Report Q1 2018
x  Frost & Sullivan, Asia-Pacific Network-based Advanced Malware Analysis (NAMA) Solutions Market, December 2016
xi  Quann, Quann IT Security End User Study 2017, July 2017
xii  South China Morning Post, Most Hong Kong firms still unprepared for cyber attacks, finds survey, 5 July 2017
xiii, Hong Kong banks targeted by DDOS attacks, bitcoin payout demanded, 18 May 2015
xiv  Frost & Sullivan, GCR Distributed Denial of Service (DDos) Solutions Market, September 2016
xv  Hong Kong Productivity Council, HKPC warns of rising trend of cybercrime-as-a-service, press release, 16 January 2017