HONG KONG SAR - Media OutReach Newswire - 28 January 2026 - The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), under the Hong Kong Productivity Council (HKPC), today hosted a media briefing to officially release the annual "Hong Kong Cybersecurity Outlook 2026". The report reveals that cyberattacks have become more automated, targeted, and destructive with the rapid proliferation of Artificial Intelligence (AI) technologies, posing significant threats to business operations and information security. A record high 15,877 cybersecurity incidents were recorded in Hong Kong in 2025, marking a 27% year-on-year increase. The report also highlights five key cybersecurity risks expected to emerge in 2026, mainly under AI-related threats and supply chain vulnerabilities.

HKCERT also released the findings of the "Hong Kong Enterprise Cybersecurity Landscape", which analyses the current state of local enterprises' cybersecurity defences and resource allocation in the face of cyber risks. The study covered 622 enterprises (including 544 SMEs and 78 large enterprises) and interviewed 50 cybersecurity service providers to assess the key factors businesses consider when selecting cybersecurity services. The findings reveal that nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance local businesses place on cybersecurity. Many SMEs have also begun strengthening their security measures, demonstrating a proactive awareness of cyber threats. However, they were behind large enterprises in terms of technology deployment and resource allocation. Moreover, around 35% of businesses using AI would enter corporate data into AI tools, suggesting that there is still room for improvement in local overall defence capabilities and AI governance awareness.

Mr Edmond LAI, Chief Digital Officer of HKPC, stated, "The proliferation of AI can drive innovation, but it can also become a powerful tool for hackers, making cyber threats stealthier and more scalable. Our report indicates a lack of governance in corporate use of AI tools. In particular, the limited resources and knowledge of SMEs may limit their full understanding of the potential risks involved. Moreover, supply chain attacks have become the weakest link in enterprise security, where a single vendor's vulnerability can trigger a chain reaction of crises, even if the enterprises have robust protective measures. To address these challenges, enterprises must shift from passive response to proactive deployment, starting with establishing clear AI usage guidelines and audit mechanisms, and deeply integrating them into the overall cybersecurity strategy".

Overview of Cybersecurity Incidents in 2025:

Phishing Accounts for Nearly 60% – Record-High Number of Cases

According to the latest statistics from HKCERT, a total of 15,877 cybersecurity incidents were reported in 2025, marking a new record high. Among them, phishing attacks remained the most prominent threat, accounting for nearly 60% (57%) of total cases. The rise of generative AI has made phishing messages increasingly realistic and harder to detect, further amplifying the associated risks. Attack delivery methods have expanded beyond traditional email to social media or instant messaging platforms (such as WhatsApp) (34%) and cryptocurrency platforms (18%).

In parallel, cases involving vulnerable systems also saw a sharp increase, with 2,328 incidents (15%), representing a more than 3.5-fold rise compared to the previous year. This suggests that attackers are actively exploiting misconfigurations and unpatched system vulnerabilities. Meanwhile, botnet-related incidents remained steady at 18%. While stable in number, botnets are notoriously difficult to eradicate completely, representing a long-term latent threat.

Top 5 Cybersecurity Risks in 2026

Based on industry expert analysis and HKPC's ongoing research into the local business environment, and considering industry trends and technological developments, HKCERT predicts that the following five cybersecurity risks will pose significant challenges to businesses in 2026:

1. AI-Driven Attacks and Agentic AI Risks
2. Weak AI Governance of Enterprises Increases Data Leakage Risks
3. Supply Chain Vulnerabilities and Third-Party Security Gaps
4. Over-Reliance on Cloud Infrastructure Creates Single Points of Failure
5. Emerging Threats from AI-Enabled Devices

30% of Enterprises Lack Dedicated Cybersecurity Staff, SMEs Lag in Defense and Investment "The Hong Kong Enterprise Cybersecurity Landscape" reveals nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance place on cybersecurity. By company size, 67% of SMEs have personnel responsible for cybersecurity, and 95% of large enterprises do. Among them, 26% of SMEs have dedicated cybersecurity personnel, which is lower than the 59% of large enterprises, reflecting different challenges in resource allocation and professional support for companies of different sizes.

Many SMEs have already implemented basic protective measures, such as 48% of SMEs have adopted email security, but there is still room for improvement when compared to the 79% of large enterprises. For Privileged Access Management (PAM), 29% of SMEs are employed, which is still lower than 60% of large enterprises. The figure on using Advanced cybersecurity practices, such as Remote Access Security Measures (SMEs 31% vs 67%), also reflects that SMEs still need support in promoting technological upgrades, especially when data security is increasingly important today, the protection of SMEs of all sizes cannot be ignored.

Regarding investment and resource allocation, SMEs are generally cautious in their investment, but some companies have gradually increased their investment in cybersecurity and training. In the past year 13% of SMEs increased cybersecurity-related resources (including staff and tools), and 12% invested more resources in cybersecurity training. In comparison, the proportions for large enterprises were 41% and 50%, respectively. Looking ahead to the next 12 months, SMEs are relatively conservative in their plans for increasing resources — no matter in recruitment of cybersecurity personnel (SMEs 5% vs 15%), training (SMEs 13% vs 38%) and budget (SMEs 13% vs 36%). However, as cyber threats evolve, it is believed that enterprises will gradually increase their related investments to strengthen their overall defense capabilities.

HKCERT's Five Key Recommendations: Helping Enterprises Build Effective Cyber Defenses

HKCERT has outlined five key recommendations to help enterprises strengthen their cybersecurity posture:

1. Assigning Personnel for Cybersecurity: Enterprises should assign employees with basic cybersecurity knowledge to be responsible for daily monitoring and response work, with clear division of responsibilities to ensure timely response to emergencies.
2. Promoting AI Governance and Regulation: As the application of AI tools and third-party platforms becomes increasingly widespread, enterprises should formulate relevant policies and operational guidelines, clearly specifying the available tools and scope of data input, as well as procedures for responding to third-party incidents, to minimise operational and reputational risks.
3. Collaborative Efforts of All Staff to Prevent Phishing Attacks: Enterprises should adopt both technical measures (such as email filtering and multi‑factor authentication) and an organisation‑wide security culture to jointly defend against phishing attacks. This helps enhance each employee's ability to identify suspicious emails and links, thereby reducing the risk of data leakage.
4. Enhance Cybersecurity Awareness and Training across all Staff: Cybersecurity is a shared responsibility across the entire organisation. Enterprises should regularly provide targeted security training for different departments—especially for roles that handle sensitive data—and strengthen incident response capabilities through simulation exercises and case‑based learning to reduce human error.
5. Strengthen Technical Protection Measures: Enterprises should implement essential cybersecurity technologies, including:
   • Email security and access‑rights control
   • Data protection measures (such as encryption and backup)
   • Remote access security measures mechanisms (such as VPNs and identity authentication)
   • Proactive security solutions (such as intrusion detection and firewall monitoring)

As cyber threats grow increasingly complex and attack techniques become more advanced, enabling SMEs to effectively deploy cybersecurity defences has become a shared responsibility across society. In addition to operating a 24-hour incident reporting and supporting hotline, HKCERT continuously monitors local online activities. When cyberattacks targeting Hong Kong are detected, it proactively traces and disrupts the source and issues timely public alerts. In recent years, HKCERT has also leveraged self‑developed AI systems to take down phishing websites in advance, preventing incidents before they occur. To strengthen preventive measures and promote education among SMEs, HKCERT has published multiple security guidelines addressing emerging technology risks, helping technical personnel understand and adopt appropriate protection strategies. At the same time, HKCERT actively promotes cybersecurity awareness through a dedicated webpage on in‑depth analysis of major phishing and ransomware attacks, as well as by organising large‑scale public events and participating in over 30 seminars annually.

Since last year, HKCERT further acted as a bridge between SMEs and cybersecurity service providers to launch the Cybersecurity Service Providers Connect Programme with Digital Policy Office. The Programme offers a one-stop platform that brings together 21 vetted cybersecurity service providers, covering four key areas, including Internet Security Solutions, Cybersecurity Assessment Services, Managed Security and Incident Response Services, and Cybersecurity Training Services. It helps SMEs quickly identify suitable solutions and strengthen their cyber defence capabilities. The Programme will continue to enhance its services, promote resource sharing, and collaborate with the industry to build a safer digital business environment.

Hashtag: #HKCERT

The issuer is solely responsible for the content of this announcement.