SSH.COM-sponsored Cyber Security Study Recommends Hong Kong Enterprises to Put More Effort into Managing Third Party Risks

Hong Kong, May 4, 2018

Landmark survey assesses the state of cyber security and key development needs in Hong Kong

Major survey shows that Hong Kong enterprises’ cyber security practices were on the “Basic” level, with third party risk management, cyber threat detection, and cyber security awareness being the key areas of improvement for 2018.

The SSH.COM sponsored study, called SSH Hong Kong Enterprise Cyber Security Readiness Index Survey 2018, is the first of its kind to apply the comprehensive Hong Kong Enterprise Cyber Security Readiness Index (HKECSRI) framework developed by the Hong Kong Productivity Council (HKPC) with the support of its Hong Kong Computer Emergency Response Team Coordination Centre. The index classified the cyber security readiness on a scale of 0-100 with the following five levels: “Unaware”, “Ad-hoc”, “Basic”, “Managed” and “Anticipated”, categorized in the order of maturity.

The overall security maturity of 45.6 indicated only a Basic level of maturity, while some cyber security indicators were on “Managed” and “Anticipated” levels. Large enterprises (58.3) and the financial sector (60.5) scored better than the average in terms of organization size and surveyed sectors respectively but their maturity levels still fall in the upper end of “Basic” or the lower end of “Managed” levels. The best performing areas across the board were data backup management (87.8) and privileged access management (64.3). At the other end of the spectrum, third party risk management (19.8) ranked at the lowest level (Unaware) of security maturity.

Mr. Wilson Wong, General Manager (IT) of HKPC said: “Not surprisingly, nearly all of the respondents (97%) regarded IT systems and data as highly important. At the same time, the score for third party risk management was surprisingly low, even though third parties can access a lot of the critical and sensitive data of a company. We strongly encourage companies and organizations to conduct thorough cyber security risk assessment of partners who will connect to their IT infrastructure and impose strict access controls to enhance management of third party risks.”

Mr. Ricky Ho, Vice President, Asia Pacific, SSH.COM, said: “It hardly comes as a surprise to anyone that the increasingly networked nature and growing externalization of most businesses creates a need for third parties to access to companies’ precious digital core. However, as indicated by this study, organizations still have a lot of room to improve, particularly in tracking who can access critical and sensitive resources and for what purpose. The good news is that this issue can be solved quickly and painlessly with SSH’s non-intrusive approach that requires no changes to the existing infrastructure.”

For a copy of the full HKECSRI 2018 study, please see https://info.ssh.com/ssh-hkecsri-2018


About SSH.COM
SSH.COM helps organizations access, secure and control their digital core – their critical data, applications and services. We have over 3,000 customers around the world, including 40 % of Fortune 500 companies, many of the world’s largest financial institutions, and major organizations in all verticals. We are committed to helping our customers thrive in the cloud era with solutions that offer secure access with zero inertia, zero friction and zero credentials risk. SSH.COM sells online; through offices in North America, Europe and Asia; and through a global network of certified partners. The company’s shares (SSH1V) are quoted on the Nasdaq Helsinki. For more information, please visit www.ssh.com.

About Hong Kong Productivity Council (HKPC)
The Hong Kong Productivity Council (HKPC) is a multi-disciplinary organization established by statute in 1967. HKPC’s mission is to promote productivity excellence through the provision of integrated support across the value chain of Hong Kong firms, to achieve a more effective utilization of resources, to enhance the value-added content of products and services, and to increase international competitiveness. For more information, please visit http://www.hkpc.org.

About Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), operated by HKPC, is the center for coordination of computer security incident response for local enterprises and Internet Users. Its missions are to facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness. HKCERT collaborates with local bodies to collect and disseminate information and coordinate response actions. HKCERT is also a member of the Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Teams (APCERT). For more information, please visit https://www.hkcert.org.