This picture taken on Feb 4, 2016 shows a computer screen at the National engineering elite school of Bretagne-Sud cybersecurity center in Vannes, western France. Experts at a panel discussion in Hong Kong on Aug 9, 2017 advised Hong Kong firms to be on constant alert and take adequate precautions against cyber risks in the wake of the recent "WannaCry" assault on computer networks. (FRED TANNEAU / AFP)
Hong Kong companies have to be on constant alert and take adequate precautions against cyber risks in the wake of the recent “WannaCry” assault on computer networks, experts said at a panel discussion held by US insurer American International Group dealing with the growing issues of cyber risk and cyber security.
As the first insurer to bring cyber products to Asian countries, AIG saw an 87 percent increase in cyber-insurance coverage enquiries between April and May this year following the WannaCry assault.
There is a degree of complacency because executives across Asia don’t relate to the major cases of cyber-attacks in the US or Europe as being the same kind of risks that threaten their Asian operations.
Jason Kelly, AIG
In comparison, requests for the same policies globally at AIG were up 38 per cent, reflecting how Asian companies lagged behind in taking precautions against cyber risks, the panelists said.
“Despite increased awareness brought about by the recent global cyber-attacks such as WannaCry and NotPetya, many companies in Asia still do not understand their cyber exposure because so much of what happens occurs out of the public eye,” said Jason Kelly, head of liabilities and financial lines for China, Australasia and South Korea at AIG.
“There is a degree of complacency because executives across Asia don’t relate to the major cases of cyber-attacks in the US or Europe as being the same kind of risks that threaten their Asian operations,” he added.
Kelly emphasized that Hong Kong business owners should understand there is a rapidly escalating exposure to first-party costs that include cyber-related income loss, legal and forensic costs and expenses associated with the need to defend a company’s reputation with its customers, partners, suppliers and its broader stakeholder group during and after each cyber incident.
The Hong Kong Computer Emergency Response Team Coordination Centre said the number of computer security incident reports had increased vastly in the past three years, growing more than 300 percent from 1,694 reports in 2013 to 6,058 reports last year.
Hong Kong Police statistics showed there was a significant increase in the amount of money at stake, with the financial losses resulting from locally reported computer crime cases increasing from HK$45.1 million in 2009 to HK$2.3 billion last year.
The good news is regulators in Asia are increasingly aware of cyber-security needs. Hong Kong’s regulators – including the Hong Kong Monetary Authority and Securities and Futures Commission – have given institutions and market participants notice to identify cyber-security threats from networks, emails and relevant devices, saying firms should have mitigation measures in place to prepare for possible cyber-security threats.
Japan and Australia have recently introduced mandatory cyber-breach reporting guidelines, while Hong Kong has yet to pass similar legislation. China's Cyber Security Law also went into effect on June 1.