The average number of information incidents detected by Chinese companies has increased over 900% since 2014

PwC survey finds Internet of Things as a leading target of cyber-attacks now, though just 57% of China respondents are investing in a related security strategy.

Hong Kong, 29 Nov 2016

- PwC's Global State of Information Security® Survey 2017 ("GSISS") reveals the average number of detected security incidents by survey respondents in mainland China and Hong Kong reached 2,577 over the last 12 months, marking a 969% increase from 2014, and more than double the average recorded in 2015.

The increasing domestic trend is contrasted by global survey data which points to a slight decline, with a total worldwide average of 4,782 detected incidents reported in 2016, reflecting a 3% drop from the global average number of detected incidents reported since 2014.

In terms of investment, survey responses indicate a decrease was seen in information security budgets by companies from mainland China and Hong Kong in 2016, with a 7.6% reduction compared to the prior year. Nevertheless, 88% of those respondents acknowledged that digitisation has impacted their information security spending in 2016, and highlighted cybersecurity alignment with business strategy, and security governance as the top priority for such spending over the period. Additionally, 31.5% of respondents from mainland China and Hong Kong registered a specific intention to invest in advanced security technologies including Artificial Intelligence (AI) and Machine Learning technologies.

"We can see forward looking organizations in the domestic market are investing in advanced cybersecurity to define and defend their own differentiated value, while safeguarding paths to robust business growth," said Kenneth Wong, Cybersecurity & Privacy Lead, PwC China and Hong Kong.

With regard to the type of attack vector, 49% of respondents from mainland China and Hong Kong cited phishing as the top vector for cybersecurity issues, while business email compromise formed the biggest impact of incidents for the period. Once again, the role of insiders was flagged as the most common source of detected incidents. Business insiders accounted for 44% of all detected security incidents that were reported by respondents in mainland China and Hong Kong this year. Also of note, 34% of domestic respondents experienced security incidents attributed to competitors, markedly higher than the global average of 23%.

As organisations face evolving opportunities and threats, steps to strengthen cybersecurity with Internet of Things connected devices have become mainstream, along with the allocation of sensitive business functions to the cloud. Data for 2016 shows 57% of survey respondents in mainland China and Hong Kong are investing in a security strategy for the Internet of Things and 45% of all IT systems now run in a cloud environment, which compare to 46% and 48% with global respondents respectively.

Concurrently, both managed security services and open-source software are increasingly used to enhance capabilities, including cybersecurity, with some 75% of respondents from mainland China and Hong Kong indicating that they employ open-source software, compared to 53% of respondents globally.

"We are seeing more companies taking steps to develop their information technology security systems in response to the real and rising threat of cyber risks. Adaptation of cloud technologies and open source software signal how businesses are making cybersecurity a priority, despite not necessarily having the in-house capabilities in place just yet. While encouraging, companies will need to ensure their technology can keep up with the growing cybersecurity threats," said Marin Ivezic, Cybersecurity & Privacy Partner, PwC China and Hong Kong.

PwC's Global State of Information Security® Survey 2017 findings by industry and region -

Contact us

Julia In
Tel: +[852] 2289 8687

Kitty Liu
Deputy Manager
Tel: +[852] 2289 8739

Follow us