Companies in China see five-fold rise in average detected information security incidents in 2015

View this page in: 繁體中文版

PwC survey shows that customer data, internal records and intellectual property are the primary targets of cyber attacks in China and Hong Kong this year


Hong Kong, 10 Dec 2015 - The average number of detected information security incidents in China and Hong Kong over the last 12 months reached 1245, reflecting a sharp 417% rise, compared to the average of 241 recorded the year prior, according to PwC's Global State of Information Security® Survey 2016 ("GSISS").

Survey results showed a global average of 6,853 information security incidents spanning all industries in 2015. And while findings pointed to a slight decline in global average financial losses due to cybercrime to US$2.55 million in the last 12 months, companies in China and Hong Kong reported a rise of 10% from prior year to US$2.63 million over the period.

"We have seen an increase in security incidents in most key industries in China and Hong Kong over the last year, which is in line with the global trend. Today, we are witnessing attacks from all angles, but the industries facing the most impact include consumer, retail, and technology," said Kenneth Wong, PwC China and Hong Kong Cyber Security Leader.

In terms of targets, customer data, internal records, and intellectual property were the data most impacted by detected cyberattacks in China and Hong Kong. Respondents reported a 64% rise in security incidents that compromised customer records, much steeper than the global average increase of 35%.

Notably, respondents from China and Hong Kong documented current and former employees to be the source of exactly half of all detected security incidents. Further, the involvement of unknown inside sources accounted for up to 42% of detected security incidents.

As the cost of information security incidents continues to rise, firms have been adapting. Respondents from China and Hong Kong allocated 16% more funds to information security budgets in 2015 than in 2014. Those respondents also documented average spending of US$7.9 million in security, markedly larger than the global average of US$5.1 million.

"Companies must continue evolving their security strategies to stay prepared for ever-growing cyber risks. This should include implementing a robust control cycle to continuously identify new insider threats and improve security controls. It will also be important to integrate cyber security into plans for new technologies such as the Internet of Things, while reviewing gaps with the latest cyber laws and regulations," added Mr. Wong.

"We have developed a range of tools to help companies enhance their cyber readiness, one example being the "Game of Threats," hacking simulator that lets executives experience the pressures of decision making, as well as the consequences that stem from cyberattacks. The software gives a hands on demonstration of the value of adequate cybersecurity controls and strategies," said Megan Haas, PwC China and Hong Kong Forensic Services Partner.

The eighteenth PwC Global State of Information Security® Survey 2016 was conducted online between May and June 2015. It is based on responses from more than 10,000 individuals spanning CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices from businesses spread over 127 countries. Over 330 of the respondents were based in China and Hong Kong.