The rise in cyberattacks came after a relative lull, with attacks declining in part due to Russia’s invasion of Ukraine, according to Jackson. A significant portion of financially motivated organized cybercrime originates in the region, he said.
Kroll also saw a return to attacks on health organizations, which Jackson said had fallen during the pandemic, possibly because criminals chose not to target them as they were overburdened by the health crisis.
In the second quarter, cyberattacks against healthcare facilities increased by 90% worldwide compared to the previous quarter, according to Kroll’s Threat Landscape report published last week.
The previous drop in cyberattacks shouldn’t “put a false sense of security in the minds of Asian leaders,” Jackson said.
“Unfortunately, Hong Kong still knows very little about how to effectively monitor [cyber threats], and I would say a very small percentage of companies here do a good job of monitoring,” he said. “And we haven’t been helped by the fact that we have outdated data protection laws.”
Hong Kong was once considered a leader in data protection, with a Data Act dating back to 1996. However, the Personal Data (Privacy) Ordinance has barely been updated since. With the introduction of the European Union’s General Data Protection Regulation, which came into effect in 2018, and last year Privacy Act in mainland China, Hong Kong law has begun to look stale in comparison.
Hong Kong does not require user consent for the collection and processing of personal data, and there is no legal obligation to report data breaches. The local government proposed a new cybersecurity law in May, which is expected to improve the city’s resilience against cyberattacks.
“These are welcome changes, improvements to the laws,” Jackson said. “It’s been a long time since the law was changed, and it’s a good move for Hong Kong as a business hub.”
According to the latest report from the Hong Kong Computer Emergency Response Team Coordination Center, an agency that tracks cyberattacks in the city, cyberspace threat detections have increased by more than 20 percent in the past. during the first four months of 2022 compared to the same period last year.