customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

sponsorType

authorLocations

authors

paywallTypes

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

factSheets

series

knowledgeQuestion

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

copyrighted

customTimezone

liveContents

Allen Au-yeung

The banking regulator is considering plans to require banks in the city to assess their resilience to cyber attacks and ways to train more qualified cybersecurity experts.
From Tuesday, the Hong Kong Monetary Authority began a three-month consultation into the initiative.
The latest policy drive, which was named the “Cybersecurity Fortification Initiative”, was announced after the authority’s chief executive Norman Chan Tak-lam said at the Cyber Security Summit last week that the city’s financial sector could not be complacent, even though there were very few cases of serious cyberattacks reported in the past in Hong Kong.
On the defence: Hong Kong Monetary Authority to boost cybersecurity for city’s banking system
Giving more details about the initiative on Tuesday, Arthur Yuen, deputy chief executive of the Hong Kong Monetary Authority, said one aspect of the policy was to require banks to arrange certified professionals to assess their cyber resilience levels to see how prepared they are to face cyber threats.
The assessment would aim to cover 25 components, from staffing, training and data security to incident management and threat intelligence.
After the assessment, if gaps are found, banks will have to make plans for improvements.
When asked if the results of the assessments would be made public so people could know how secure their service providers are, Yuen replied that the authority did not have such plans at present.
“Information, if oversimplified, might have a negative effect,” Yuen said. “We don’t want the confidence in the city’s financial system to be shaken.”
One in three Hong Kong chief information officers have faced major cyberattacks in past two years, survey shows
Yuen added banks would be asked to take reasonable remedial action if necessary.
Separately, in light of a global shortage of cybersecurity experts, the authority said the initiative would also include working with the Hong Kong Applied Science and Technology Research Institute and the Hong Kong Institute of Bankers on designing accredited training programmes.
According to the authority, there were 11 million online banking accounts in the city last year, generating 17 million transactions worth HK$7.3 trillion on average per month.
While the authority said cases of cyberattacks causing actual or substantial disruption of services or losses were rare, it recorded 35 cases of fraudulent banking websites, applications and phishing emails last year.
It also recorded 19 cases of distributed denial-of-service (DDoS) attacks, which were malicious attempts to paralyse computer systems.
Under the current regulatory framework, the authority said banks are required to inform it incidents of cyberattacks they experienced.
The authority aims to elaborate further on the initiative by the end of this year after the consultation is completed.


Hong Kong Monetary Authority looks to improve banks’ cyber security 

The banking authority is looking at ways to improve banks’ resilience to cyber attacks. Photo: SCMP Pictures

News

Hong Kong

The banking regulator began a three-month consultation into the initiative on Tuesday, designed to ensure banks are ready to face online threats
