Modern Australian
The Times

HKCERT Releases "Hong Kong Cybersecurity Outlook 2026" Security Incidents Hit Record High with 27% Annual Increase

AI-related Attacks and Supply Chain Risks Emerge as Top Concerns Nearly 30% of Enterprises Lack Dedicated Cybersecurity Personnel

HONG KONG SAR - Media OutReach Newswire - 28 January 2026 - The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), under the Hong Kong Productivity Council (HKPC), today hosted a media briefing to officially release the annual "Hong Kong Cybersecurity Outlook 2026".

The report reveals that cyberattacks have become more automated, targeted, and destructive with the rapid proliferation of Artificial Intelligence (AI) technologies, posing significant threats to business operations and information security. A record high 15,877 cybersecurity incidents were recorded in Hong Kong in 2025, marking a 27% year-on-year increase. The report also highlights five key cybersecurity risks expected to emerge in 2026, mainly under AI-related threats and supply chain vulnerabilities.

HKCERT also released the findings of the "Hong Kong Enterprise Cybersecurity Landscape", which analyses the current state of local enterprises' cybersecurity defences and resource allocation in the face of cyber risks. The study covered 622 enterprises (including 544 SMEs and 78 large enterprises) and interviewed 50 cybersecurity service providers to assess the key factors businesses consider when selecting cybersecurity services. The findings reveal that nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance local businesses place on cybersecurity. Many SMEs have also begun strengthening their security measures, demonstrating a proactive awareness of cyber threats. However, they were behind large enterprises in terms of technology deployment and resource allocation. Moreover, around 35% of businesses using AI would enter corporate data into AI tools, suggesting that there is still room for improvement in local overall defence capabilities and AI governance awareness.

Mr Edmond LAI, Chief Digital Officer of HKPC, stated, "The proliferation of AI can drive innovation, but it can also become a powerful tool for hackers, making cyber threats stealthier and more scalable. Our report indicates a lack of governance in corporate use of AI tools. In particular, the limited resources and knowledge of SMEs may limit their full understanding of the potential risks involved. Moreover, supply chain attacks have become the weakest link in enterprise security, where a single vendor's vulnerability can trigger a chain reaction of crises, even if the enterprises have robust protective measures. To address these challenges, enterprises must shift from passive response to proactive deployment, starting with establishing clear AI usage guidelines and audit mechanisms, and deeply integrating them into the overall cybersecurity strategy".

Overview of Cybersecurity Incidents in 2025:

Phishing Accounts for Nearly 60% – Record-High Number of Cases

According to the latest statistics from HKCERT, a total of 15,877 cybersecurity incidents were reported in 2025, marking a new record high. Among them, phishing attacks remained the most prominent threat, accounting for nearly 60% (57%) of total cases. The rise of generative AI has made phishing messages increasingly realistic and harder to detect, further amplifying the associated risks. Attack delivery methods have expanded beyond traditional email to social media or instant messaging platforms (such as WhatsApp) (34%) and cryptocurrency platforms (18%).

In parallel, cases involving vulnerable systems also saw a sharp increase, with 2,328 incidents (15%), representing a more than 3.5-fold rise compared to the previous year. This suggests that attackers are actively exploiting misconfigurations and unpatched system vulnerabilities. Meanwhile, botnet-related incidents remained steady at 18%. While stable in number, botnets are notoriously difficult to eradicate completely, representing a long-term latent threat.

Top 5 Cybersecurity Risks in 2026

Based on industry expert analysis and HKPC's ongoing research into the local business environment, and considering industry trends and technological developments, HKCERT predicts that the following five cybersecurity risks will pose significant challenges to businesses in 2026:

  1. AI-Driven Attacks and Agentic AI Risks
  2. Weak AI Governance of Enterprises Increases Data Leakage Risks
  3. Supply Chain Vulnerabilities and Third-Party Security Gaps
  4. Over-Reliance on Cloud Infrastructure Creates Single Points of Failure
  5. Emerging Threats from AI-Enabled Devices

30% of Enterprises Lack Dedicated Cybersecurity Staff, SMEs Lag in Defense and Investment

"The Hong Kong Enterprise Cybersecurity Landscape" reveals nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance place on cybersecurity. By company size, 67% of SMEs have personnel responsible for cybersecurity, and 95% of large enterprises do. Among them, 26% of SMEs have dedicated cybersecurity personnel, which is lower than the 59% of large enterprises, reflecting different challenges in resource allocation and professional support for companies of different sizes.

Many SMEs have already implemented basic protective measures, such as 48% of SMEs have adopted email security, but there is still room for improvement when compared to the 79% of large enterprises. For Privileged Access Management (PAM), 29% of SMEs are employed, which is still lower than 60% of large enterprises. The figure on using Advanced cybersecurity practices, such as Remote Access Security Measures (SMEs 31% vs 67%), also reflects that SMEs still need support in promoting technological upgrades, especially when data security is increasingly important today, the protection of SMEs of all sizes cannot be ignored.

Regarding investment and resource allocation, SMEs are generally cautious in their investment, but some companies have gradually increased their investment in cybersecurity and training. In the past year 13% of SMEs increased cybersecurity-related resources (including staff and tools), and 12% invested more resources in cybersecurity training. In comparison, the proportions for large enterprises were 41% and 50%, respectively. Looking ahead to the next 12 months, SMEs are relatively conservative in their plans for increasing resources — no matter in recruitment of cybersecurity personnel (SMEs 5% vs 15%), training (SMEs 13% vs 38%) and budget (SMEs 13% vs 36%). However, as cyber threats evolve, it is believed that enterprises will gradually increase their related investments to strengthen their overall defense capabilities.

HKCERT's Five Key Recommendations: Helping Enterprises Build Effective Cyber Defenses

HKCERT has outlined five key recommendations to help enterprises strengthen their cybersecurity posture:
  1. Assigning Personnel for Cybersecurity: Enterprises should assign employees with basic cybersecurity knowledge to be responsible for daily monitoring and response work, with clear division of responsibilities to ensure timely response to emergencies.
  2. Promoting AI Governance and Regulation: As the application of AI tools and third-party platforms becomes increasingly widespread, enterprises should formulate relevant policies and operational guidelines, clearly specifying the available tools and scope of data input, as well as procedures for responding to third-party incidents, to minimise operational and reputational risks.
  3. Collaborative Efforts of All Staff to Prevent Phishing Attacks: Enterprises should adopt both technical measures (such as email filtering and multi‑factor authentication) and an organisation‑wide security culture to jointly defend against phishing attacks. This helps enhance each employee's ability to identify suspicious emails and links, thereby reducing the risk of data leakage.
  4. Enhance Cybersecurity Awareness and Training across all Staff: Cybersecurity is a shared responsibility across the entire organisation. Enterprises should regularly provide targeted security training for different departments—especially for roles that handle sensitive data—and strengthen incident response capabilities through simulation exercises and case‑based learning to reduce human error.
  5. Strengthen Technical Protection Measures: Enterprises should implement essential cybersecurity technologies, including:
    • Email security and access‑rights control
    • Data protection measures (such as encryption and backup)
    • Remote access security measures mechanisms (such as VPNs and identity authentication)
    • Proactive security solutions (such as intrusion detection and firewall monitoring)

As cyber threats grow increasingly complex and attack techniques become more advanced, enabling SMEs to effectively deploy cybersecurity defences has become a shared responsibility across society. In addition to operating a 24-hour incident reporting and supporting hotline, HKCERT continuously monitors local online activities. When cyberattacks targeting Hong Kong are detected, it proactively traces and disrupts the source and issues timely public alerts. In recent years, HKCERT has also leveraged self‑developed AI systems to take down phishing websites in advance, preventing incidents before they occur. To strengthen preventive measures and promote education among SMEs, HKCERT has published multiple security guidelines addressing emerging technology risks, helping technical personnel understand and adopt appropriate protection strategies. At the same time, HKCERT actively promotes cybersecurity awareness through a dedicated webpage on in‑depth analysis of major phishing and ransomware attacks, as well as by organising large‑scale public events and participating in over 30 seminars annually.

Since last year, HKCERT further acted as a bridge between SMEs and cybersecurity service providers to launch the Cybersecurity Service Providers Connect Programme with Digital Policy Office. The Programme offers a one-stop platform that brings together 21 vetted cybersecurity service providers, covering four key areas, including Internet Security Solutions, Cybersecurity Assessment Services, Managed Security and Incident Response Services, and Cybersecurity Training Services. It helps SMEs quickly identify suitable solutions and strengthen their cyber defence capabilities. The Programme will continue to enhance its services, promote resource sharing, and collaborate with the industry to build a safer digital business environment.

Hashtag: #HKCERT

The issuer is solely responsible for the content of this announcement.

About Hong Kong Computer Emergency Response Team Coordination Centre

Managed by the Hong Kong Productivity Council (HKPC), Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) is the centre for coordination of computer security incident response for local enterprises and Internet Users. Its missions are to facilitate information disseminating, provide advices on preventive measures against security threats and to promote information security awareness.

HKCERT collaborates with local bodies to collect and disseminate information, and coordinate response actions. HKCERT is also a member of the Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Team (APCERT). We exchange information with other CERTs and act as a point of contact on cross-border security incidents.

About the Hong Kong Productivity Council
The Hong Kong Productivity Council (HKPC) is a statutory body established in 1967, dedicated to enhancing the productivity and competitiveness of Hong Kong enterprises through world-class applied R&D, innovative technology services, and integrated manufacturing solutions. As a market-oriented, international R&D organisation, HKPC leverages its deep expertise and extensive industry experience in key areas such as AI, advanced manufacturing, life and health technology, green technology and new energy to drive new industrialisation and support the growth of emerging and future industries.

HKPC focuses on addressing businesses challenges and industrial technology needs, promoting the full integration between technological and industrial innovation. Through technology transfer, product innovation, intellectual property protection and commercialisation of R&D outcomes, the Council fosters collaboration with the local business community as well as top global R&D institutions, delivering added value to industries and advancing the development of new productive forces. HKPC's world-class R&D achievements have been widely recognised over the years, winning an array of local and overseas accolades, reinforcing Hong Kong's role as an international innovation and technology centre and a smart city.

To help enterprises capitalise on Hong Kong's strengths in international connectivity to expand into global markets, HKPC offers comprehensive overseas expansion services tailored to critical areas including product development, technology, manufacturing, and management, enabling businesses to successfully go global from Hong Kong.

HKPC is also committed to providing timely and practical support to SMEs and startups with timely and practical , assisting them in accessing Government funding programmes. Through its FutureSkills training initiatives, HKPC helps both industry and academia stay ahead in latest digital and STEM technologies, nurturing a future-ready talent pool for Hong Kong.

For more information, please visit HKPC's website:

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...

How to Choose the Right Lawyer in Melbourne for Your Situation

Choosing legal support can feel difficult, especially when the stakes are personal or business-related. The right lawyer in Melbourne should underst...

Hoteliers Look to Clever Value Adds to Increase Revenue

The Australian hospitality industry is still in recovery mode after a notoriously rough patch in recent years. While there has been a post-COVID tra...

Moving to Queensland? Here’s How to Prep Your Car for the Big Move North

There’s no sign of the northern migration slowing down, with thousands of southerners fleeing from chaotic lifestyles and cooler climates for a brig...

Diesel Shortage to Impact Trades and Contractors

Strait of Hormuz blockage affecting all major parts of trades and construction Trades and construction across residential, commercial and industria...

Why Holiday Home Owners Turn to Rental Management Agents

The Allure — and the Reality — of Renting Out Your Property Owning a holiday home is a dream for many Australians. Whether it's a beachside sha...

Why Finding Reliable Doctors In Bundoora Is Important For Long-Term Health

Access to quality healthcare plays an important role in maintaining overall wellbeing and managing health concerns early. Trusted Doctors in Bundoor...

Understanding the Different Types of Car Services: Minor vs Major

When it comes to car maintenance, one of the most important things every vehicle owner should understand is the difference between a minor and a maj...

How Superannuation and TPD Insurance Work Together

Superannuation is an essential part of financial planning in Australia. It is designed to provide individuals with income during retirement, helping...

Tiny Towns funding granted for Mt Hotham and Mt Buller upgrades

Alpine Resorts Victoria (ARV) has welcomed funding support from the Victorian Government’s  Tiny Towns Fund, with both Mt Hotham and Mt Buller se...

Locksmith Services: Why Professional Security Solutions Matter More Than Ever

Security is a critical concern for homeowners, businesses, and vehicle owners alike. Whether it involves protecting a property, replacing damaged lo...

Why Tooth Fillings Are Important For Protecting Damaged Teeth

Cavities and minor tooth damage are common dental problems that can worsen if left untreated. Professional tooth fillings help restore damaged teeth, ...