The Productivity Council on Wednesday called on companies to strengthen protection against cyberattacks, as the city logged more than 15,800 cybersecurity incidents in 2025 — an almost 30 percent increase from 2024.

Phishing accounted for nearly 60 percent of the cases, according to the council’s Computer Emergency Response Team Coordination Centre, with the prevalence of generative AI making these attacks harder to identify.

It said phishing messages have extended to social media and instant messaging platforms, as well as cryptocurrency platforms, beyond traditional emails.

“The tricky part is that with these types of phishing attacks, you cannot just resolve it with technical means, there is no way to filter all those emails,” said Edmond Lai, the council’s Chief Digital Officer.

“It is very important to bring up the awareness of staff, so that whenever they are receiving an email, a text message, or even a video call or phone call, they will think twice about whether it is genuine or a phishing attack,” he added.

Lai said companies should lay out clear policies on AI technology use in the workplace as soon as possible to counter potential threats, as a study conducted by the centre revealed around 35 percent out of around 620 companies it polled input company information into AI tools.

The survey from last October to November also found around 30 percent of them lack dedicated cybersecurity staff.

Lai said enterprises should assign relevant staff to ensure a timely response to emergencies, making use of cybersecurity technologies such as access-rights control and encryption.