HK's privacy watchdog and HKPC launch data security training for SMEs

The Office of the Privacy Commissioner for Personal Data (PCPD) has joined hands with the Hong Kong Productivity Council (HKPC) to launch the “Data Security Training Series for SMEs” starting from this month. The training series is free-of-charge and aims to assist small and media-sized enterprises (SMEs) in enhancing their data security.

In the digital era, the consequences of cyber attacks, which may result in the leakage of the personal data of customers and employees, financial loss, reputational damage and even legal consequences, can be devastating to businesses. Both parties noted that SMEs in particular are more vulnerable to cyber threats, as they often lack the resources and expertise in cyber security to protect themselves against cyber attacks.

The training series consists of three seminars on different topics relating to data security, including strategies to prevent cyber attacks for SMEs, ways and means to handle a data breach incident and how to address the data security and privacy risks associated with artificial intelligence.

The first seminar will be held on 20 March, which will explore how SMEs can effectively prevent cyber attacks, highlighting common methods of attacks by hackers, preventive measures and response strategies.

Ada Chung Lai-ling, the privacy commissioner for personal data and Alex Chan, the general manager of the digital division of the HKPC, will share real cases of data breaches caused by cyber attacks in recent years and introduce practical measures to increase SMEs’ cybersecurity capabilities.

Don't miss: Survey: HK SMEs expect AI to replace human roles in marketing, but not until 2031

In fact, a recent QBE Insurance survey found over half of Hong Kong SMEs say they are fully informed of cyber risks, with 43% saying they are somewhat informed, up from 48% and 41% respectively. Despite this, the proportion of businesses experiencing a cyber event rose from 30% in 2024 to 33% this year. Meanwhile, this year's survey saw a fall in the proportion of businesses using cyber security solutions and software (down from 62% to 60%), staff training (45% to 43%), and cyber resilience consultants (42% to 36%).

While businesses may be reducing investment in these areas, they are however spending in other areas. The percentage of Hong Kong SMEs hiring dedicated cyber security staff rose from 43% to 49% over the past year, while those purchasing cyber insurance increased from 39% to 43%. The top three drivers for purchasing coverage this year include paying for legal services, hiring security or forensics experts, and covering data breach costs.

Of the 62% of respondents who do not have any form of cyber insurance, 63% would consider purchasing it, while 11% would categorically not consider it. Potential reasons include cost; the fact that their business doesn't store data; and the perceived low impact of such events on their businesses.

Related articles:

MCI hunts for game creators to educate students on cyber security
ID National Data Center falls prey to cyber attack, attackers demand RP131 billion ransom