Chinese companies’ spending on cybersecurity is almost a quarter more than the global average

View this page in: 繁體中文版

Hong Kong, 7 Dec 2017  - PwC’s Global State of Information Security® Survey 2018 (“GSISS”) findings show the average cybersecurity budget by survey respondents in mainland China and Hong Kong is 23.5% higher than the global average, with a total average budget of US$6.3 million per respondent.

A majority of the respondents, 83%, cited digital transformation as an underlying motivation for investing in cybersecurity. In terms of allocation, security for the Internet of Things (IoT) was the most popular security priority, according to 64% of respondents, while 60% documented improved collaboration among business, digital and IT departments. Biometrics and advanced authentication proved to be the third highest ranked priority, identified by 57% of respondents.

Marin Ivezic, Partner, Risk Assurance - Cybersecurity & Privacy, PwC China and Hong Kong says, “We are seeing that many enterprises in China, particularly tech-savvy companies, are increasingly sensitive to the potential damage cyber threats pose. Consequently, alert companies in China continue to leverage cybersecurity as a competitive advantage and are taking pre-emptive action to reduce their exposure.”

Advances in technologies such as AI, IoT, RPA/IPA, Blockchain, Big Data Analytics, Cloud and AR/VR are disrupting the global business landscape. As China leads the world in IoT development and adoption, companies here encounter greater stimuli to adapt to stay competitive in a market characterised by particularly high-paced advancement.  Notably, survey data shows that 72% of the respondents from mainland China and Hong Kong have an IoT security strategy in place, above the global average of 67%.

In terms of impacts of incidents, a number of high-profile cybersecurity incidents have been reported recently, leading to significant business interruptions as well as physical and environmental safety issues, sketching a trend that is anticipated to continue.  Survey findings for mainland China and Hong Kong, showed customer records were the most commonly acknowledged target of security infractions, flagged by 46% of respondents. Financial loss (38%) and email compromise (36%) were the next most significant impacts cited by respondents. 

Further, as mobile devices are becoming ubiquitous tools in workplaces, survey data reveals that 46% of respondents in the mainland and Hong Kong recorded exploitation of mobile devices as the point of breach in security incidents.  When it comes to the identity of perpetrators, former employees just edge out competitors as the most likely source of security incidents cited by survey respondents from the mainland and Hong Kong, with 42% compared to 41% respectively.

In addition to cyber security threats, companies must also prepare to meet the challenges of complying with rigorous new laws and regulations.  These include the China Cybersecurity Law, effective since June 2017, as well as the EU General Data Protection Regulations (GDPR), which is scheduled to come into effect in May 2018.  Businesses will have to ensure they adhere strictly to the rules or risk substantial costs for non-compliance. 

As survey findings indicate an increasingly complex cybersecurity landscape, the data also reflects that Chief Information Security Officer (CISO) / Chief Security Officer (CSO) roles are becoming more prevalent within Chinese companies, as are security professionals that reinforce security management. Notably, the roles are now acknowledged as significant by the more tech-savvy organisations. Exactly half of the China respondents said that their CISO or CSO reports directly to the CEO.

To conclude, Kenneth Wong, Cybersecurity & Privacy Lead, PwC China and Hong Kong / Asia Pacific and Risk Assurance Partner says, “Businesses face an increasingly complex security scenario. Companies that want to succeed in China and enter into overseas markets will need to keep adapting to the rapidly evolving technology which simultaneously expand business potential and broaden vulnerability to security incidents.  Looking ahead, winning strategies will effectively balance the risk of threats, while navigating the mounting regulatory commitments in China and around the world.”

To explore the survey findings by industry and region, visit:

Contact us

Shaun Soh
Tel: +[852] 2289 8470

Follow us