Financial Crime World

Hong Kong Financial Sector Braces for Cyberattacks: A HK$1.8 Billion Threat on the Rise

Hong Kong, as a global financial hub, is facing a surge in cybercrime against the banking sector. According to risk advisory experts, the financial loss from these cyberattacks is estimated to be HK$1.8 billion in 2020 - a 50% increase from just four years ago.

Hong Kong as an Attractive Target

Ricky Cheng, director of risk advisory services at BDO, sharing his insights, stated that, “Hong Kong was ranked the ninth most targeted economy in the banking sector for the first quarter of this year.” Organized cybercriminals see Hong Kong as an attractive target due to its financial prowess.

Eugene Ha, deputy managing partner at Grant Thornton, echoed this concern, stating, “Though the number of cybercrime cases hasn’t increased significantly, financial losses have jumped by 50%.”

Combatting the Expanding Threat

In response to this expanding threat, the Hong Kong Monetary Authority (HKMA) initiated the Cybersecurity Fortification Initiative (CFI) in May. This program includes guidelines for banks to evaluate their cybersecurity against HKMA standards and a common language for stakeholders.

Banks’ Response

Ha noted that, “Hong Kong banks are already taking notice.” Many firms have allocated or plan to allocate increased budgets for IT security and risk management.

Technological Solutions

Technological solutions such as multilayer firewalls, intrusion detection systems, antimalware systems, and data loss prevention systems are becoming common defense measures.

People and Processes: Equally Important

Cheng emphasized, “Awareness training can be an effective approach to avoid these types of attacks.” Historically, firms in Hong Kong have underinvested in this area.

CFI’s Response

The CFI responds to this weakness by introducing the Professional Development Programme (PDP) for qualified security professionals and the Cyber Intelligence Sharing Platform (CISP) for banks to stay informed about regional cybersecurity threats.

Preparing for the New Policies

Cheng advised, “Banks should begin preparing for the new policies by educating personnel.” He encouraged other financial institutions to support this CFI, as it sets a strong foundation for a cybersecurity protection framework.