Press release
SSH.COM-sponsored Cyber Security Study Recommends Hong Kong Enterprises to Put More Effort into Managing 3rd Party Risks
A landmark survey assesses the state of cybersecurity and key development needs in Hong Kong
Hong Kong – May 4, 2018 –a major survey shows that Hong Kong enterprises’ cybersecurity practices were on the “Basic” level, with third-party risk management, cyber threat detection, and cybersecurity awareness being the key areas of improvement for 2018.
The SSH.COM sponsored study, called SSH Hong Kong Enterprise Cyber Security Readiness Index Survey 2018, is the first of its kind to apply the comprehensive Hong Kong Enterprise Cyber Security Readiness Index (HKECSRI) framework developed by the Hong Kong Productivity Council (HKPC) with the support of its Hong Kong Computer Emergency Response Team Coordination Centre. The index classified the cybersecurity readiness on a scale of 0-100 with the following five levels: “Unaware”, “Ad-hoc”, “Basic”, “Managed” and “Anticipated”, categorized in the order of maturity.
The overall security maturity of 45.6 indicated only a Basic level of maturity, while some cybersecurity indicators were on “Managed” and “Anticipated” levels. Large enterprises (58.3) and the financial sector (60.5) scored better than the average in terms of organization size and surveyed sectors respectively but their maturity levels still fall in the upper end of “Basic” or the lower end of “Managed” levels. The best performing areas across the board were data backup management (87.8) and privileged access management (64.3). At the other end of the spectrum, third-party risk management (19.8) ranked at the lowest level (Unaware) of security maturity.
Mr. Wilson Wong, General Manager (IT) of HKPC said: “Not surprisingly, nearly all of the respondents (97%) regarded IT systems and data as highly important. At the same time, the score for 3rd party risk management was surprisingly low, even though 3rd parties can access a lot of the critical and sensitive data of a company. We strongly encourage companies and organizations to conduct a thorough cybersecurity risk assessment of partners who will connect to their IT infrastructure and impose strict access controls to enhance management of third party risks.”
Mr. Ricky Ho, Vice President, Asia Pacific, SSH.COM, said: “It hardly comes as a surprise to anyone that the increasingly networked nature and growing externalization of most businesses creates a need for 3rd parties to access to companies’ precious digital core. However, as indicated by this study, organizations still have a lot of room to improve, particularly in tracking who can access critical and sensitive resources and for what purpose. The good news is that this issue can be solved quickly and painlessly with SSH’s non-intrusive approach that requires no changes to the existing infrastructure.”
For a copy of the full HKECSRI 2018 study, please click here.
About SSH Communications Security
SSH.COM helps organizations access, secure, and control their digital core – their critical data, applications, and services. We have over 3,000 customers worldwide, including 40 percent of Fortune 500 companies, many of the world's largest financial institutions, and major organizations in all verticals. We are committed to helping our customers thrive in the cloud era with solutions that offer secure access with zero inertia, zero friction, and zero credentials risk. SSH.COM sells online; through offices in North America, Europe, and Asia; and a global network of certified partners. The company's shares (SSH1V) are quoted on the NASDAQ Helsinki. For more information, visit www.ssh.com.
For more information:
SSH Communications Security Corporation
Jussi Mononen, VP Business Development
jussi.mononen@ssh.com
tel. +358 45 6154855