An index measuring local enterprises' ability to respond to cybersecurity attacks has recorded the biggest jump to date, up by 5.8 points from last year to 52.8.
442 companies were measured under the "Hong Kong Enterprise Cyber Security Readiness Index" compiled by the Hong Kong Productivity Council (HKPC) and the Office of the Privacy Commissioner for Personal Data (PCPD).
Among the four areas covered in the index, "Human Awareness Building" has the most urgent need for improvement, the bodies said. The category refers to how aware and cautious employees are regarding potential cyber attacks.
Privacy Commissioner Ada Chung said this awareness has remained relatively low over the years.
"We also encourage enterprises to conduct training regularly, and this will include for example cyber security drill exercises as well," she said.
Chung said many hackers have been using AI to carry out their attacks, and deepfake videos used to fake identities can be made in under 20 minutes.
Alex Chan, General Manager of Digital Transformation at the HKPC, said enterprises are encouraged to adopt AI for defence, such as detecting the voice prints of videos to check if they show a real person.
"We will always say that AI is a double-edged sword. So that means attackers or bad actors are using AI to do attack, at the same time we should also use AI to uplift our defence," Chan said.
To help enterprises better equip themselves against cyber attacks, the PCPD and the HKPC will be introducing a series of training packages, including a "data security training series for Small-and-Medium Enterprises" in 2025 and one on "Phishing Defence Services".