Hong Kong's Digital Shield: Navigating the Evolving Cyber Threat Landscape with Innovation and Collaboration

Hong Kong, a bustling international hub and a burgeoning smart city, faces a constantly evolving digital threat landscape. With its deep reliance on advanced transportation, telecommunications, financial, and utility infrastructures, the city is a prime target for cyberattacks. From sophisticated nation-state actors to the industrialization of cybercrime, the challenges are immense, yet Hong Kong is bolstering its defenses with innovative technologies, robust legislation, and strong collaborative efforts.

The Intensifying Cyber Threat

The global cyber threat situation is undergoing dramatic transformation, driven by rapid technological advancements and escalating geopolitical tensions. In 2024, global economic losses from cybercrime were estimated to reach a staggering US$9.5 trillion, projected to rise to US$10.5 trillion in 2025. Hong Kong is not immune; in 2024, the Cyber Security and Technology Crime Bureau (CSTCB) recorded over 33,000 technology crime cases, accounting for 35% of the overall crime rate, with financial losses exceeding HK$5.1 billion. More than 80% of these were online deception cases.

The Dual-Edged Sword of AI: Artificial intelligence (AI) is reshaping the cybersecurity landscape in profound ways, both empowering attackers and strengthening defenders.

  • AI in Attacks: AI-powered cyberattacks have rapidly evolved from theoretical risks to tangible threats, making sophisticated capabilities more accessible even to less skilled hackers. Threat actors leverage generative AI to create highly convincing phishing scams tailored to target profiles, bypassing traditional detection methods. Suspected AI-generated source code has been observed in attacks, such as one launched by APT group "UTG-Q-015" in December 2024, a watering hole attack that potentially affected millions of websites in China. Deepfake scams are also emerging as insidious tactics for triggering unauthorized fund transfers. The cybercrime economy has industrialized into a specialized marketplace where "Malicious-AI-as-a-Service" platforms trade leaked cloud credentials, Large Language Model (LLM) services, and compromised AI systems, significantly lowering the technical barrier for cybercriminals.
  • Human Error: Despite technological advancements, human error remains a critical vulnerability, exploited through weak passwords, unpatched systems, deceptive HR onboarding, and deepfake scams that bypass sophisticated defenses.

Other prevalent threats include:

  • Ransomware: A major profit engine for cybercriminals, with over 5,000 disclosed attacks on enterprises worldwide in 2024, an 11% increase from 2023. In Hong Kong, ransomware cases doubled to 46 in 2024, with demands reaching up to HK$38.8 million. CSTCB strongly advises victims not to pay ransoms, as paying does not guarantee data recovery and fuels criminal organizations.
  • Supply Chain Attacks: These have been on the rise, with attackers compromising trusted development pipelines and open-source projects to deliver malware, offering high economic efficiency by affecting thousands of downstream victims.
  • Phishing: Over 65% of cyber threat intelligence targeting Hong Kong in 2024 was related to phishing, driven by low development costs, minimal technical barriers, and the ease of large-scale deployment, now enhanced by AI technologies.

Hong Kong's Multi-Pronged Defense

Hong Kong's strategy to safeguard its cyberspace involves a multi-pronged approach that combines legislative action, technological innovation, and extensive collaboration.

1. Legislative Fortification: A solid legal foundation is indispensable in combating cybercrime. The Protection of Critical Infrastructures (Computer Systems) Bill was passed in March 2025 and is expected to take effect on January 1, 2026. This landmark legislation will impose statutory requirements on designated critical infrastructure operators to implement robust security measures and report security incidents within specified timeframes (12 hours for serious incidents, 48 hours for others), with non-compliance potentially resulting in significant fines. This move aims to strengthen the cyber resilience of essential services, ensuring their continuous operation and protecting economic stability. The Law Reform Commission is also studying cybercrime and has recommended legislation for five categories of cyber-dependent crimes, with ongoing discussions on cyber-enabled crimes like deepfake scams.

2. Technological Innovation and Enforcement: The CSTCB, celebrating its 10th anniversary in 2025, is at the forefront of Hong Kong's cyber defense. It proactively gathers cyber threat intelligence, secures critical infrastructure networks, and leads public education initiatives.

  • Cyber Threat Intelligence: In 2024, CSTCB's Cyber Security Centre handled and analyzed over 25 million pieces of cyber threat intelligence, with more than 440,000 targeting Hong Kong specifically.
  • Security Operation Centre Alliance (SOCA): Established by CSTCB in late 2024, SOCA is a core cyber threat intelligence exchange platform connecting large-scale and critical infrastructures across Hong Kong, providing timely alerts and countermeasures.
  • Scameter+: A key public protection tool, the "Scameter" mobile application was significantly upgraded in February 2024 to include AI-powered analytic tools, automatic detection of scam calls and fraudulent websites, and a public intelligence-sharing platform. By the end of 2024, it had completed nearly 6.8 million risk assessments and saw over 860,000 downloads. Its "Suspicious Account Alert" mechanism was extended to ATM transactions in December 2024, covering most routine fund transfers. The "Scameter series" has received international awards, including the "International Press Prize" and a Gold Medal at the 50th International Exhibition of Inventions of Geneva in April 2025.
  • Hong Kong Monetary Authority (HKMA) Initiatives: The HKMA's Cybersecurity Fortification Initiative (CFI), implemented in 2016, focuses on three pillars to raise the cyber resilience of Hong Kong's banking system: the Cyber Resilience Assessment Framework (C-RAF), a Professional Development Programme (PDP) for cybersecurity professionals, and a Cyber Intelligence Sharing Platform (CISP) to facilitate timely intelligence sharing across the banking sector.

3. Collaboration and Public Awareness: Recognizing that no one is immune to cyber threats, Hong Kong emphasizes strong collaboration and public education.

  • Public-Private Partnerships: Countering next-generation threats requires a paradigm shift towards public-private collaboration to pool intelligence and strengthen collective resilience. The "CyberDefenders' Alliance," launched in 2024, brings together over 100 public and private organizations to combat online scams and strengthen cybersecurity through publicity campaigns.
  • International Cooperation: International cooperation is pivotal in combating cross-border cybercrime through information sharing, leveraging expertise, and joint operations. CSTCB's Chief Superintendent was appointed Vice-Chairperson of the INTERPOL Asia and South Pacific Joint Operations on Cybercrime Working Group in 2024. CSTCB has co-organized numerous workshops, meetings, and joint operations with INTERPOL, such as the cross-border "BATTLEAIR" Counter Cyber and Physical Terrorism Joint Exercise in 2024. A joint operation codenamed "Operation DISTANTHILL" in June 2024 successfully dismantled a Malaysia-based cross-border scam syndicate targeting victims in Singapore and Hong Kong, highlighting the importance of such collaborations.
  • Public Education and Training: CSTCB conducts various initiatives to raise public and corporate cybersecurity awareness:
    • Ethical Phishing Email Campaign: In 2024, this campaign involved 37,220 participants from 216 organizations, revealing that about 78% of participating organizations had at least one employee click a phishing link, highlighting persistent vulnerability.
    • BugHunting Campaign: Collaborating with a cybersecurity start-up and the Office of the Privacy Commissioner for Personal Data (PCPD), this campaign offers vulnerability tests and professional consultations to enterprises, especially SMEs.
    • Cyber Attack and Defence Elite Training cum Tournament (CADET2): A three-day event in August 2024 that provided attack and defense training to 160 personnel from over 70 organizations and attracted 740 cybersecurity talents to compete.
    • Greater Bay Area Youth Artificial Intelligence and Cyber Security Challenge 2024: A collaborative initiative to raise cybersecurity awareness and promote AI literacy among youth, attracting 1,182 students from 126 schools across Guangdong, Hong Kong, and Macao.
    • Anti-Scam Carnival: A two-day event in December 2024 that attracted nearly 20,000 citizens to learn about scam prevention, anti-money laundering, and cyber pitfalls through interactive experiences.

Lessons Learned and Moving Forward

CSTCB's analysis of cybersecurity incidents consistently identified three recurring problems: inadequate access control and configuration, outdated and unpatched systems, and a lack of effective threat detection mechanisms. For instance, a ransomware attack on a local education institution in May 2024 was linked to an unpatched firewall, and a local financial institution in December 2024 suffered account compromises due to outdated servers. On average, it took victim organizations 258 days to identify and contain a data breach, with longer times increasing recovery costs.

To address these vulnerabilities, organizations must:

  • Implement rigorous system vulnerability management, multi-factor authentication, and account lockout policies.
  • Ensure timely security updates for all systems, including firewalls and legacy infrastructure.
  • Deploy robust threat detection capabilities like Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) solutions to shorten attacker dwell time.

As Hong Kong accelerates its digital transformation, AI will continue to act as a collaborator that boosts productivity while also posing new risks such as shadow AI and security vulnerabilities. AI security is a key component of national security. Companies need robust security strategies and holistic IT infrastructure to manage AI-related challenges and enhance resilience. Integrating cybersecurity deeply into organizational strategy and daily operations is crucial for building a resilient digital environment that can withstand emerging threats, maintain business continuity, and enhance stakeholder trust.

Hong Kong's proactive stance, combining legislative foresight, technological innovation, and a strong emphasis on public-private and international collaboration, is essential for safeguarding its digital future against the relentless tide of cyber threats.
