Increased Board-Level Attention on Cybersecurity in Hong Kong

62% of Hong Kong business leaders are placing cybersecurity as a top agenda item in boardroom discussions as the pandemic brought about more cyber-related challenges

Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today released a study showing increased attention on cybersecurity among Hong Kong business leaders, a result of digital disruptions brought about by the pandemic. The State of Cybersecurity report in Hong Kong canvassed feedback from 300 business decision-makers on their security posture and outlook on cybersecurity trends and challenges.

Cybersecurity is now front and center in boardroom discussions. 

Remote working and rapid digitalization caused by the pandemic have brought cybersecurity top of mind among key decision-makers in Hong Kong. From the study, more than half (56%) of the business leaders responded that they are giving cybersecurity more attention, with 62% of respondents coining it as a top agenda item in their boardroom discussions. This can be seen in the frequency of cybersecurity discussion as a topic — 50% of respondents discuss cybersecurity issues at the board level every quarter, and as much as 38% take up such discussion monthly.

Business leaders are also spending more to shore up their cyber-defensive capabilities in response to the growing threats. Forty percent of respondents noted that they have increased their cybersecurity budgets for the year, with those from medium and large companies leading the way on this front — about half are said to have raised their budget spend by 20%. In particular, these budgets are being allocated to address existing security gaps (38%), optimize operations (37%), refine their crisis response (28%) and address the changing threat landscape (28%). 

“As businesses continue to accelerate their digital transformation, they must prepare for security breaches. From the study, more business leaders are treating cybersecurity as a strategic business enabler that is the key to long-term success,” said Wickie Fung, managing director, Hong Kong and Macau, at Palo Alto Networks. “As businesses continue to shift to the cloud and hybrid work set to be a mainstay, cybersecurity needs to be integrated with business strategy as an investment to ensure leaders have the security infrastructure to overcome any cyber challenges.” 

SMEs struggle with their cybersecurity strategies due to budget and talent constraints.

While larger organizations typically have resources to invest in cybersecurity solutions, small and midsize enterprises (SMEs) often experience challenges caused by low budgets and limited talent. Only 29% of small business leaders plan to raise their cybersecurity budgets, and more than 40% of small businesses do not have their own dedicated IT security staff. The latter is in glaring contrast compared to 11% in medium companies and 5% in large organizations. It is no wonder the study found that 35% of small organizations still lack confidence in their own security measures. 

“SMEs are the backbone of Hong Kong’s economy, constituting about 98% of business establishments in the market. While SMEs may recognize the need to reinforce their defense measures, the unfortunate truth is that many are constrained by business challenges and often prioritize business gains and productivity over it,” added Fung. “SMEs need to see cybersecurity as a sound investment that will keep their business safe, operational and profitable down the line.”

Companies are accelerating their digital transformation strategies through the cloud, but cybersecurity strategies are still lacking.

It is evident that the pandemic has reshaped the way we work. Companies went full swing into cloud adoption, leveraging 5G, automation and remote access for their workforce. In fact, the study found that expanding their remote workforce (65%), moving workloads into the cloud (49%) and increased use of smart devices (44%) are the most common digital transformation initiatives undertaken by Hong Kong businesses. 

As part of the digital transformation journey, companies have identified cloud security adoption (58%), endpoint protection (34%) and identity and access management (28%) as security strategies to prioritize for their business. However, adopting a secure access service edge (SASE) or Zero Trust — security models that play important roles in cloud security — do not seem to garner strong attention among leaders. Only 24% of respondents expressed that they would deploy a SASE security architecture, and even fewer (14%) said they would adopt a Zero Trust approach. 

Here are some best practices and recommendations for enterprises to stay ahead of cybersecurity threats: 

  • Conduct a cybersecurity assessment to better understand, control and mitigate risks. This will help organizations to prioritize countermeasures and identify where resources are needed to defend against sophisticated attacks.
  • Adopt a Zero Trust approach to address the cybersecurity threats of today and design architecture with an “assume breach” mindset. Deploy technology to continuously validate the legitimacy of digital interactions and establish rapid response capabilities to quickly address the early signs of a breach.
  • Choose a partner not a product. A good cybersecurity partner can provide the latest threat intelligence and offer practical advice on how to build a cyber resilient architecture across all environments (e.g., on-premises, cloud, edge). 

Survey Methodology

Palo Alto Networks commissioned the The State of Cybersecurity report in Hong Kong S.A.R. in June 2022 which polled 300 IT decision-makers via an online questionnaire. The sample size consisted of an equal split (1-49 n=100, 50-99 n=100, 100+ n=100) from small, medium and large corporations in the city.