Letters | Hong Kong must take responsibility for its own cybersecurity

Readers discuss cybersecurity legislation for the city, a former Malaysian prime minister’s house arrest plea, and dining options at Hong Kong airport

Reading Time:3 minutes

Privacy commissioner Ada Chung Lai-ling speaks to the media on April 2 of an investigation into the Cyberport data breach. Photo: May Tse

Published: 11:30am, 5 Jul 2024

Feel strongly about these letters, or any other aspects of the news? Share your views by emailing us your Letter to the Editor at [email protected] or filling in this Google form. Submissions should not exceed 400 words, and must include your full name and address, plus a phone number for verification

Hong Kong is facing more cybersecurity threats and must take immediate action to protect itself. From 2022 to 2023, the city saw a 27 per cent increase in phishing attacks, the highest in five years, according to the Hong Kong Computer Emergency Response Team Coordination Centre.

The Hong Kong Enterprise Cyber Security Readiness Index, which quantitatively assesses the city’s cyber defences, plummeted by 6.3 points to 47.0 out of 100, the largest drop since its inception in 2018. Furthermore, just in February this year, a data breach struck the Hong Kong College of Technology, compromising the personal data of around 8,100 students. Last year, hackers demanded a ransom of US$300,000 after hacking Cyberport.

This deepening vulnerability is a ripe opportunity for mainland Chinese cybersecurity investments to capitalise on. Last December, Qi An Xin, one of the mainland’s leading cybersecurity corporations, opened its Hong Kong headquarters. In March, InvestHK announced that Hillstone Networks, another prominent mainland cybersecurity provider, is following suit. If this trend continues, Hong Kong will become increasingly dependent on mainland companies for protection in the digital domain, which could have implications for “one country, two systems”. Unfortunately, Hong Kong has yet to pass encompassing legislation to govern its cybersecurity infrastructure.

In his 2023 policy address, Hong Kong Chief Executive John Lee Ka-chiu announced a push to finally implement Article 23 of the Basic Law as well as improve the city’s cybersecurity. However, the government’s efforts were fundamentally focused on prioritising national security. Regardless, cybersecurity legislation is long overdue, and it is surprising that Hong Kong has been able to operate as a flourishing business hub for so long without such a safeguard to protect its business environment.

To jump-start Hong Kong’s cybersecurity, the government must publish a white paper to establish a strategic approach while conveying its commitment to the digital safety of the public. In doing so, it can effectively mobilise both public and private enterprises for collective cyber defence while inspiring more public confidence and attracting more foreign investment. Thus, Hong Kong could maintain public safety while remaining economically competitive.