A new survey may make Hongkongers think twice before handing over their credit card for their next cocktail or cup of coffee.
The study, conducted by the insurance company Chubb and the public opinion firm YouGov, found that more than 70 percent of small and medium enterprises (SMEs) surveyed in Hong Kong experienced “cyber incidents” such as data breaches in the last year.
According to the report, however, many smaller businesses viewed themselves as less vulnerable to cyberattacks than their larger counterparts.
“Some SMEs believe they are too small to be targeted by cyber criminals or any internal issues will not greatly impact them. In effect, they think they are ‘too small to fail,’” Andrew Taylor, Chubb Asia Pacific’s cyber underwriting manager, was quoted as saying. “However, every report, survey or set of statistics on cyber events tell us that all businesses are exposed, whether big or small.”
But while big businesses have the wherewithal the spend huge amounts on cybersecurity, the report’s authors write, SMEs generally do not, effectively making them “low-hanging fruit” for cyber criminals.
SMEs comprise 98 percent of businesses in Hong Kong and account for 45 percent of jobs in the SAR, the report states, but despite representing such a vast segment of the local economy, their own internal protections are often wanting. Many of the cyber incidents logged by Chubb were the result of internal systems malfunctions or human error.
In one case described in the report, an energy company executive’s laptop was stolen, resulting in the loss of private employee and customer information. In another, an online retailer saw the theft of the personal information of over 1,000 customers, who were then targeted by hackers for further phishing attacks.
The report suggests preparedness is among the first steps SMEs can take to protect themselves.
“First of all, putting in place strong cyber security policies and procedures and training staff adequately will significantly improve an SME’s resilience, without incurring major costs,” Ben Yates, a consultant specializing in financial technology, is quoted as saying. “Second, an effective incident response plan is crucial.”
Or, you know, just hang onto your laptop.