'Staff Not Getting Proper Cybersecurity Training'

Local companies are doing a better job of using the latest technology to ward off cybersecurity threats, a new survey by the Hong Kong Productivity Council suggests, but they’re now doing a worse job in training their staff to be vigilant against such dangers.

The council’s latest ‘readiness index’ found that the 350 firms surveyed were slightly more prepared to deal with computer attacks, with an average score of 49.3 out of 100, up 3.7 from last year – a level that the HKPC classifies as ‘acceptable’.

But while the ‘technology control’ sub-index soared 26.6 to 63.4 to rise to the second-highest classification, ‘managed’, the human awareness category fell 9.3 points to 29.5 – meaning firms generally have an ‘ad-hoc’ approach to staff training, without any well-thought out strategy.

The council’s chief digital officer, Edmond Lai, said the decline in staff training may have something to do with the fact that there were no major cyber-attacks last year – which may have taken cybersecurity off the corporate world’s radar. But he pointed out that there has been a 28 percent increase in phishing emails, “which unfortunately requires all the employees to have a higher awareness in order to avoid [being scammed].”

Lai also said the survey showed that the retail and tourism sectors are the worst-prepared for cyber attacks, while the financial services sector are the most ready.

He said this is a cause for concern, as retail and tourism-sector companies tend to hold large amounts of consumer data.