Governance gaps flagged in cybersecurity practices in Hong Kong: PwC, HKCGI
A cybersecurity report found inadequate cybersecurity training and insurance in the city.
Governance gaps were uncovered in cybersecurity practices in Hong Kong that call for immediate action, PwC Limited Hong Kong and The Hong Kong Chartered Institute reported.
In its Cybersecurity - Plugging the hole through testing, policies and training report, it was found that more than 66% of organisations indicated “Little involvement” or “Moderate level” board participation in cybersecurity governance.
The report also found that 20% of companies had a designated cybersecurity committee with established roles and lines of authority, indicating the need for specialised oversight.
A sizable portion of directors (about 57%) only receive "Occasional" cybersecurity training, underlining the absence of regular and comprehensive awareness training.
Moreover, only about 20% of businesses adopted cyber insurance, and almost half were unsure of its availability or scope, indicating a governance flaw in assessing and obtaining proper coverage.
The tendency is worrying," Kok Tin Gan, PwC Hong Kong Cybersecurity and Privacy Partner, said.
“For organisations, no doubt cybersecurity is one of the top risks. The survey's findings indicate gaps and a lack of focus, potentially due to overconfidence in cyber teams. Testing by certified, qualified personnel is essential, which must include red teaming/ethical hacking.”