According to Media OutReach Newswire, on January 28, 2026, the Hong Kong Cyber Security Incident Response Team Coordination Center (HKCERT) of the Hong Kong Productivity Council (HKPC) released its annual "Hong Kong Cybersecurity Outlook 2026" at a media briefing. The report points out that with the rapid spread of artificial intelligence (AI) technology, cyber attacks have become more automated, targeted and destructive, threatening business operations and information security. 15,877 cyber security incidents will be recorded in Hong Kong in 2025, a year-on-year increase of 27%, which is a record high. The report also predicts that five major cybersecurity risks will emerge in 2026, mainly categorized into AI applications and supply chain risks.

HKCERT released on the same day the findings of its study on "The Current State of Cybersecurity in Hong Kong Enterprises", which analyzes the current state of local enterprises' defensive capabilities and resource allocation in the face of cyber risks. The study covers 622 enterprises (including 544 small and medium-sized enterprises (SMEs) and 78 large enterprises) and interviews 50 cybersecurity service providers to assess the important factors for local enterprises in choosing cybersecurity services. According to the study, 70% of the enterprises have set up cybersecurity manpower, reflecting that local enterprises have been attaching greater importance to cyber defense. Many SMEs have strengthened their security deployment and demonstrated their awareness of proactively tackling threats, but there is still a gap in technology application and resource investment compared to large enterprises. In addition, 351 TP3T AI-enabled enterprises indicated that they would input their company data into AI tools, indicating that there is still room for further enhancement of the overall local defense capability and awareness of AI governance.

Mr. Benny Lai, Chief Digital Officer of HKPC, said:"The proliferation of AI technology can drive innovation, but it can also become a tool for hackers, making cyber threats more insidious and larger in scale. According to the report, there is a general lack of clarity in the use of AI tools, especially among SMEs, which may not be fully aware of the potential risks due to resource and cognitive constraints. In addition, supply chain attacks have become the most vulnerable part of an organization's security defenses. Even if an organization's own protection measures are sound, the vulnerability of a single partner is enough to trigger a chain of crises. In the face of these challenges, enterprises must shift from reactive to proactive deployment, and begin to develop clear specifications and audit mechanisms for AI usage, which can be deeply integrated into their overall cybersecurity strategy."

2025 Net Safety Accident Profile:

Phishing attacks accounted for nearly 60% of the record-breaking number of accidents

According to HKCERT's latest statistics, a total of 15,877 cyber security incidents will be recorded in 2025, with phishing attacks continuing to be the most significant source of threats, accounting for nearly 60% (57%) of the total incidents. As generative AI makes phishing messages more realistic and harder to recognize, it further aggravates cybersecurity risks. Phishing attacks are also spreading from traditional email to social media or instant messaging platforms (e.g., WhatsApp) (34%), cryptocurrency platforms (18%), and so on.

Meanwhile, the number of vulnerable systems has also increased significantly (2,328 cases, accounting for 15% of the total incidents), more than 3.5 times higher than last year, indicating that system misconfigurations and untimely patching of vulnerabilities have created a gap in cybersecurity. Botnet cases are similar to last year (18%). Although the trend is unchanged, botnets are extremely difficult to eliminate and are a long-term potential source of threat.

Top 5 Cybersecurity Risks in 2026

Based on industry experts' analysis and HKPC's continuous research on the local business environment, HKCERT predicts that the following five major cybersecurity risks will pose significant challenges to enterprises in 2026, summarizing industry trends and technological developments:

1. AI-Driven Cyber Attacks and Agentic AI Risks (Agentic AI)

With the increasing advancement of AI technology, hackers have begun to utilize AI to carry out more advanced attacks. In particular, agent-based AIs with autonomous learning and execution capabilities are able to make judgments and take actual actions on their own without human intervention. Once hacked, they will automatically execute potentially malicious commands, making attacks more difficult to predict and prevent.

2. Weak Corporate AI Regulation Exacerbates Impact of Data Breaches

In the absence of an internal AI governance framework, sensitive corporate data (e.g., customer information, contract content, etc.) may be leaked due to employee misuse of public AI platforms. Common scenarios include employees using unauthorized tools and not having a good understanding of the platform's privacy statement, misjudging the security of the data, and then entering sensitive content, resulting in actual leakage.

3. Supply Chain Vulnerabilities and Third Party Security Gaps

Enterprises are increasingly relying on outsourced services and third-party platforms to handle their business processes. However, when these partners are subject to cyberattacks or security system vulnerabilities, the network security of the enterprise can be seriously affected. Even if the enterprise has good defense measures, it may still be indirectly harmed by the vulnerability of the partner.

4. Over-reliance on cloud infrastructure leads to a single point of failure.

Cloud platforms have become the infrastructure for day-to-day business operations, including data storage, application deployment, communication and backup, etc. However, over-reliance on a single cloud provider without a backup solution will render enterprises unable to operate in the event of platform failure or provider outage. However, over-reliance on a single cloud provider without a redundancy solution will render enterprises unable to operate in the event of platform failure or provider outage.

5. Emerging Threats from AI-Enabled Devices

As intelligent devices such as voice assistants, office or customer service robots are widely used in operations, these AI-enabled devices are beginning to expose potential security risks. These devices are often configured with large language models to help understand and parse human commands. However, as large language models are embedded into physical systems, the security vulnerabilities that existed in the digital environment may be further extended to affect the real world. In the absence of rigorous authentication mechanisms, they are vulnerable to erroneous commands or voice spoofing, which can lead to the execution of dangerous actions.

Nearly 30% of enterprises still do not have staff responsible for cybersecurity SMEs need to strengthen defenses and investment.

The results of the "Hong Kong Enterprise Cybersecurity Landscape" show that more than 70% (71%) of enterprises have cybersecurity staff, reflecting that the overall emphasis on cybersecurity is gradually increasing. In terms of enterprise size, 67% SMEs have staff responsible for cybersecurity, while more than 90% (95%) of large enterprises have such staff. Among them, 26% SMEs have full-time cybersecurity staff, which is still a gap compared with 59% large enterprises, reflecting the different challenges in resource allocation and professional support for enterprises of different sizes.

Many SMEs have already deployed basic protection measures, for example, 48% SMEs have adopted email security solutions, but there is still room for further enhancement compared to the 79% of large enterprises. As for Privileged Access Management (PAM), the adoption rate of SMEs is 29%, which is also lower than that of large enterprises (60%). Advanced protection technologies such as data protection measures (39% for SMEs and 72% for large enterprises) also reflect that SMEs still need support in promoting technological upgrades, especially in the face of the growing importance of data security, the protection of large, medium and small enterprises alike should not be overlooked. In particular, with the growing importance of data security, the protection of large, medium and small enterprises alike should not be overlooked.

In terms of resource investment, although SMEs have been relatively cautious in their overall investment, some of them have gradually stepped up their investment in cybersecurity and training. Over the past year, 13% of SMEs have increased resources (manpower, equipment, etc.) for cybersecurity, while 12% of SMEs have increased investment in cybersecurity training. In comparison, the proportion of large enterprises is 41% and 50% respectively. Looking ahead to the next 12 months, SMEs are more conservative in terms of hiring additional cybersecurity manpower (5% for SMEs and 15% for large enterprises), training (13% for SMEs and 38% for large enterprises), and budget (13% for SMEs and 36% for large enterprises), but as the threat landscape continues to evolve, the number of SMEs will continue to grow. However, as the threat situation evolves, it is believed that enterprises will gradually increase the relevant investment to strengthen their overall defense capability.

HKCERT's Five Recommendations: Helping Enterprises Establish Effective Cyber Defense Mechanisms

HKCERT has put forward five recommendations covering three major areas, namely policy formulation, technology implementation and staff engagement, to help enterprises establish a comprehensive defense mechanism.

1. Assigning manpower for cybersecurity: Enterprises should assign staff with basic cybersecurity knowledge to be responsible for day-to-day monitoring and contingency work, with a clear division of responsibilities to ensure timely response to emergencies.

2. Implement AI governance and regulation: With the increasing popularity of AI tools and third-party platforms, enterprises should formulate relevant policies and operational guidelines to clearly set out the tools that can be used, the scope of data input, and the contingency procedures in the event of an incident involving a vendor, so as to reduce the operational risks brought about by the application of technology.

3. All Employees Work Together to Prevent Phishing Attacks: Enterprises should adopt both technical measures (e.g., email filtering, multiple authentication) and an all-employee security culture to prevent phishing attacks, enhance each employee's ability to recognize suspicious emails and links, and reduce the risk of data leakage.

4. Raise awareness of cybersecurity among all employees: Cybersecurity is the common responsibility of all employees. Enterprises should provide regular security training for all departments, especially for positions involving sensitive data, and enhance response capabilities and minimize human error through simulation drills and case studies.

5. Strengthen technical protection measures: Enterprises should implement key network security technologies, including:

• Email Security and Access Control
• Data protection measures (e.g., encryption and backup)
• Remote access security mechanisms (e.g. VPN, authentication)
• Active security solutions (e.g. intrusion detection, firewall monitoring)

At the same time, penetration testing and risk assessment should be conducted on a regular basis, covering supply chain partners, outsourced systems and business platforms, to continuously strengthen the overall defense capability.

In the face of increasingly complex cyber threats and evolving attack techniques, it has become an important responsibility of the community to assist SMEs to effectively deploy cyber security protection. In addition to a 24-hour incident reporting and support hotline, HKCERT is responsible for continuously monitoring local cyber activities, proactively tracking and combating the source of cyber attacks against Hong Kong and issuing public alerts in a timely manner. In recent years, HKCERT has also made use of its own AI system to combat phishing websites in advance to prevent problems before they occur. To strengthen preventive measures and promote education for SMEs, HKCERT has issued a number of security guidelines on emerging technology risks to help technicians understand and adopt appropriate security strategies. At the same time, HKCERT also analyzes serious phishing and ransomware attacks in detail through thematic webpages, and organizes large-scale public events and participates in more than 30 seminars every year to actively promote cybersecurity awareness.

Since last year, HKCERT has been acting as a bridge between SMEs and the industry's cyber security service providers by joining hands with the Digital Policy Office to launch the "Cyber Security Service Provider Engagement Program". Through a one-stop platform, the program brings together 21 accredited cybersecurity service providers to provide cybersecurity services in the four major areas of protection, assessment, response and training, effectively helping SMEs to quickly match the most suitable solutions and enhance their overall defense capabilities. In the future, the program will continue to optimize its service content and promote resource sharing, so as to build a more secure digital business environment together with the industry.

Source:
https://hk.news.yahoo.com/share/bc85e234-3f3a-3804-bcc5-3a03b1f91b8e