Cyber Crime & ForensicPress Release

HKCERT Report Finds Security Incidents Hit Record High with 27% Annual Increase

AI-Related Attacks and Supply Chain Risks Emerge as Top Concerns; Nearly 30% of Enterprises Lack Dedicated Cybersecurity Personnel

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), under the Hong Kong Productivity Council (HKPC), has officially released its annual Hong Kong Cybersecurity Outlook 2026. The report reveals that cyberattacks have become more automated, targeted, and destructive with the rapid proliferation of Artificial Intelligence (AI) technologies, posing significant threats to business operations and information security. A record-high 15,877 cybersecurity incidents were recorded in Hong Kong in 2025, marking a 27% year-on-year increase. The report also highlights five key cybersecurity risks expected to emerge in 2026, mainly under AI-related threats and supply chain vulnerabilities.

HKCERT also released the findings of the “Hong Kong Enterprise Cybersecurity Landscape”, which analyses the current state of local enterprises’ cybersecurity defences and resource allocation in the face of cyber risks. The study covered 622 enterprises (including 544 SMEs and 78 large enterprises) and interviewed 50 cybersecurity service providers to assess the key factors businesses consider when selecting cybersecurity services. The findings reveal that nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance local businesses place on cybersecurity. Many SMEs have also begun strengthening their security measures, demonstrating a proactive awareness of cyber threats. However, they lag behind large enterprises in terms of technology deployment and resource allocation. Moreover, around 35% of businesses using AI would enter corporate data into AI tools, suggesting that there is still room for improvement in overall local defence capabilities and AI governance awareness.

Edmond Lai, Chief Digital Officer of HKPC, stated: “The proliferation of AI can drive innovation, but it can also become a powerful tool for hackers, making cyber threats stealthier and more scalable. Our report indicates a lack of governance in the corporate use of AI tools. In particular, the limited resources and knowledge of SMEs may limit their full understanding of the potential risks involved. Moreover, supply chain attacks have become the weakest link in enterprise security, where a single vendor’s vulnerability can trigger a chain reaction of crises, even if enterprises have robust protective measures. To address these challenges, enterprises must shift from passive response to proactive deployment, starting with establishing clear AI usage guidelines and audit mechanisms, and deeply integrating them into the overall cybersecurity strategy.”

Overview of Cybersecurity Incidents in 2025

Phishing Accounts for Nearly 60% – Record-High Number of Cases

According to the latest statistics from HKCERT, a total of 15,877 cybersecurity incidents were reported in 2025, marking a new record high. Among them, phishing attacks remained the most prominent threat, accounting for nearly 60% (57%) of total cases. The rise of generative AI has made phishing messages increasingly realistic and harder to detect, further amplifying the associated risks. Attack delivery methods have expanded beyond traditional email to social media or instant messaging platforms (such as WhatsApp) (34%) and cryptocurrency platforms (18%).

In parallel, cases involving vulnerable systems also saw a sharp increase, with 2,328 incidents (15%), representing a more than 3.5-fold rise compared to the previous year. This suggests that attackers are actively exploiting misconfigurations and unpatched system vulnerabilities. Meanwhile, botnet-related incidents remained steady at 18%. While stable in number, botnets are notoriously difficult to eradicate completely, representing a long-term latent threat.

Top 5 Cybersecurity Risks in 2026

Based on industry expert analysis and HKPC’s ongoing research into the local business environment, and considering industry trends and technological developments, HKCERT predicts that the following five cybersecurity risks will pose significant challenges to businesses in 2026:

  1. AI-driven attacks and agentic AI risks
  2. Weak AI governance of enterprises increases data-leakage risks
  3. Supply chain vulnerabilities and third-party security gaps
  4. Over-reliance on cloud infrastructure creates single points of failure
  5. Emerging threats from AI-enabled devices

30% of Enterprises Lack Dedicated Cybersecurity Staff; SMEs Lag in Defence and Investment

The Hong Kong Enterprise Cybersecurity Landscape reveals that nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance placed on cybersecurity. By company size, 67% of SMEs have personnel responsible for cybersecurity, compared with 95% of large enterprises. Among them, 26% of SMEs have dedicated cybersecurity personnel, which is lower than the 59% of large enterprises, reflecting different challenges in resource allocation and professional support for companies of different sizes.

Many SMEs have already implemented basic protective measures; for example, 48% of SMEs have adopted email security, but there is still room for improvement compared with the 79% of large enterprises. For Privileged Access Management (PAM), 29% of SMEs have deployed such measures, which is still lower than the 60% adoption rate among large enterprises. Figures for advanced cybersecurity practices, such as remote access security measures (SMEs 31% vs 67%), also reflect that SMEs still need support in promoting technological upgrades. As data security becomes increasingly important, the protection of SMEs of all sizes cannot be ignored.

Regarding investment and resource allocation, SMEs are generally cautious, but some companies have gradually increased their investment in cybersecurity and training. In the past year, 13% of SMEs increased cybersecurity-related resources (including staff and tools), and 12% invested more resources in cybersecurity training. In comparison, the proportions for large enterprises were 41% and 50%, respectively. Looking ahead to the next 12 months, SMEs are relatively conservative in their plans for increasing resources—whether in the recruitment of cybersecurity personnel (SMEs 5% vs 15%), training (SMEs 13% vs 38%), or budget (SMEs 13% vs 36%). However, as cyber threats evolve, it is believed that enterprises will gradually increase related investments to strengthen their overall defence capabilities.

HKCERT’s Five Key Recommendations: Helping Enterprises Build Effective Cyber Defences

HKCERT has outlined five key recommendations to help enterprises strengthen their cybersecurity posture:

  • Assigning personnel for cybersecurity: Enterprises should assign employees with basic cybersecurity knowledge to be responsible for daily monitoring and response work, with a clear division of responsibilities to ensure timely responses to emergencies.
  • Promoting AI governance and regulation: As the application of AI tools and third-party platforms becomes increasingly widespread, enterprises should formulate relevant policies and operational guidelines, clearly specifying available tools and the scope of data input, as well as procedures for responding to third-party incidents, to minimise operational and reputational risks.
  • Collaborative efforts of all staff to prevent phishing attacks: Enterprises should adopt both technical measures (such as email filtering and multi-factor authentication) and an organisation-wide security culture to jointly defend against phishing attacks. This helps enhance each employee’s ability to identify suspicious emails and links, thereby reducing the risk of data leakage.
  • Enhancing cybersecurity awareness and training across all staff: Cybersecurity is a shared responsibility across the entire organisation. Enterprises should regularly provide targeted security training for different departments—especially roles that handle sensitive data—and strengthen incident response capabilities through simulation exercises and case-based learning to reduce human error.
  • Strengthening technical protection measures: Enterprises should implement essential cybersecurity technologies, including email security and access-rights control; data protection measures (such as encryption and backup); remote access security mechanisms (such as VPNs and identity authentication); and proactive security solutions (such as intrusion detection and firewall monitoring).

As cyber threats grow increasingly complex and attack techniques become more advanced, enabling SMEs to effectively deploy cybersecurity defences has become a shared responsibility across society. In addition to operating a 24-hour incident reporting and support hotline, HKCERT continuously monitors local online activities. When cyberattacks targeting Hong Kong are detected, it proactively traces and disrupts the source and issues timely public alerts.

In recent years, HKCERT has also leveraged self-developed AI systems to take down phishing websites in advance, preventing incidents before they occur. To strengthen preventive measures and promote education among SMEs, HKCERT has published multiple security guidelines addressing emerging technology risks, helping technical personnel understand and adopt appropriate protection strategies. At the same time, HKCERT actively promotes cybersecurity awareness through a dedicated webpage featuring in-depth analyses of major phishing and ransomware attacks, as well as by organising large-scale public events and participating in over 30 seminars annually.

Since last year, HKCERT has further acted as a bridge between SMEs and cybersecurity service providers by launching the Cybersecurity Service Providers Connect Programme with the Digital Policy Office. The programme offers a one-stop platform that brings together 21 vetted cybersecurity service providers, covering four key areas, including Internet security solutions, cybersecurity assessment services, managed security and incident response services, and cybersecurity training services. It helps SMEs quickly identify suitable solutions and strengthen their cyber defence capabilities. The programme will continue to enhance its services, promote resource sharing, and collaborate with the industry to build a safer digital business environment.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *