Financial Crime World

Here is the article in markdown format:

Hong Kong Cybercrime Threats Soar as Economic Cost Rises to HK$2.96 Billion in 2020

The economic cost of the COVID-19 pandemic and global cybercrime in 2021 are strikingly similar, with both estimated to be around US$6 trillion. Cybercrime has accelerated since the start of the pandemic due to increased homeworking, e-commerce, and electronic trading, as well as criminals being forced online.

Hong Kong an Attractive Target for Cyberattacks

Hong Kong is an attractive target for cyberattacks, particularly in the financial sector, which features in the top five sectors for severity and frequency of cyber-attacks. According to VMware, attacks against the financial sector increased 238% globally during the first three months of the pandemic, while 80% of financial institutions reported an increase in cyberattacks in 2020.

Rise in Reported Incidents and Value of Cybercrime

In Hong Kong, reported incidents of cybercrime have risen significantly over the past decade, from 2,206 in 2011 to 12,916 in 2020. The value of those crimes increased from HK$148 million in 2011 to a staggering HK$2.96 billion last year, up 55% from 2019.

Forms of Cybercrime and Costs

Cybercrime takes many forms, including phishing, ransomware, and hacking, resulting in losses such as:

  • Destruction of data
  • Lost productivity
  • Business disruption
  • Fraud
  • Theft of money, intellectual property, personal, and financial data

The cost also includes reputational damage for both the business and the jurisdiction it is in, and for the restoration of data and systems, and possibly even an investigation.

Financial Sector Under Attack

The financial services sector is heavily targeted by hackers and other cybercriminals, who are attracted to sensitive data on individuals, businesses, and governments held by banks and other financial institutions. The sector’s lack of cybersecurity preparedness makes it a prime target for attackers.

Protecting Hong Kong from Cybercrime

Hong Kong can do more to protect itself from cybercrime. Its Smart City Blueprint brings together various elements that comprise a modern city in a vision underpinned by digital technology, including cyberspace safety. However, the blueprint needs clearer work plans with policy priorities over a longer time horizon to facilitate different stakeholders to coordinate and make their part of contribution correspondingly.

Setting Up a Cybersecurity Commission

Hong Kong would benefit from setting up an independent commission similar to the Australian Signals Directorate or the Cyber Security Agency of Singapore. Alternatively, it could set up a cross-bureau working group to coordinate both regulatory and enforcement actions.

Lack of Legislation on Cyber Offences

Currently, there is no specific legislation that deals with cyber offences in Hong Kong. The legal framework for cyber offences is fragmented across different pieces of legislation, such as:

  • Personal Data (Privacy) Ordinance
  • Unsolicited Electronic Messages Ordinance
  • Interception of Communications and Surveillance Ordinance
  • Insurance Companies Ordinance

Omnibus Cyberspace Protection Ordinance

Many of the world’s leading jurisdictions in cybersecurity have an omnibus cybersecurity protection law as a core element of their cybersecurity framework. Hong Kong should consider introducing its own Omnibus Cyberspace Protection Ordinance alongside reviewing other related statutes on a regular basis to ensure they remain fit for purpose and aligned with international standards.

Regulators, Public and Private Sectors Must Work Together

An effective approach would be for other financial regulators, including the SFC and IA, to consider joining hands to build on the HKMA’s competency enhancement framework, developing it into an overarching structure with specialized streams of expertise to meet evolving supervisory requirements in different sectors.

Conclusion

As the world looks ahead to a post-pandemic situation and how to pay for its cost, governments, regulators, and businesses would be wise to look closely at the cost of cybercrime, which continues to rise. It’s grand larceny on a scale that far exceeds anything that has gone before.