AI Fuels Record High Cyberattacks in Hong Kong

The rapid proliferation of Artificial Intelligence technologies has fundamentally reshaped the digital landscape, creating a double-edged sword where innovation and unprecedented risk coexist, a reality starkly reflected in Hong Kong’s cybersecurity statistics from the past year. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), operating under the Hong Kong Productivity Council (HKPC), recently released its “Hong Kong Cybersecurity Outlook 2026,” revealing a staggering 15,877 cybersecurity incidents in 2025. This figure represents a 27% year-on-year increase and a new record high, underscoring a troubling trend where cyberattacks are becoming increasingly automated, targeted, and destructive. The report identifies AI-driven threats and vulnerabilities within the supply chain as the primary catalysts for this surge, posing significant challenges to business operations and information security across the special administrative region. As organizations embrace AI for its potential to drive growth, they must also confront its weaponization by malicious actors who leverage the same technology to orchestrate more sophisticated and evasive attacks than ever before. This escalating threat environment demands a paradigm shift from reactive defense to proactive, intelligence-led security strategies.

1. The Anatomy of a Record-Breaking Year in Cyber Incidents

A detailed analysis of the 2025 incident data reveals that phishing attacks remain the most dominant and pervasive threat, accounting for nearly 60% of all reported cases. The advent of generative AI has significantly lowered the barrier to entry for creating highly convincing and personalized phishing messages, making them exceedingly difficult for both individuals and traditional security filters to detect. These fraudulent communications are no longer confined to email; attackers have diversified their delivery methods to include social media, instant messaging platforms like WhatsApp, and cryptocurrency exchanges, broadening their reach and exploiting user trust on multiple fronts. This evolution in phishing tactics highlights a critical need for continuous user education and the adoption of multi-layered defense mechanisms that can identify and block malicious content across various communication channels. The sheer volume and sophistication of these AI-enhanced attacks demonstrate that conventional security awareness training may no longer be sufficient to counter the evolving threat landscape.

Beyond phishing, incidents involving vulnerable and misconfigured systems experienced a dramatic surge, increasing more than 3.5 times compared to the previous year and constituting 15% of the total cases. This sharp rise indicates that threat actors are actively and successfully scanning for and exploiting unpatched software, weak configurations, and other systemic weaknesses within corporate networks. Such vulnerabilities provide a direct gateway for attackers to gain initial access, escalate privileges, and deploy malware, including ransomware. Meanwhile, botnet-related incidents, while holding steady at 18% of the total, represent a persistent and insidious threat. These networks of compromised devices are notoriously difficult to dismantle completely and serve as a latent force that can be activated for large-scale distributed denial-of-service (DDoS) attacks, spam campaigns, or credential theft. The stability in botnet numbers, coupled with the explosion in vulnerability exploitation, paints a picture of a multifaceted threat environment where both opportunistic and targeted attacks are thriving, placing immense pressure on IT and security teams.

2. Emerging Threats on the Horizon

Based on a comprehensive analysis of technological trends and the local business environment, HKCERT has identified five critical cybersecurity risks that are expected to pose significant challenges in 2026. The foremost concern is the rise of sophisticated AI-driven attacks and the potential misuse of agentic AI. Malicious actors are increasingly using AI not only to craft deceptive content but also to automate reconnaissance, identify vulnerabilities, and adapt their attack methods in real time to evade detection. This creates a dynamic and unpredictable threat that can outpace traditional, signature-based security solutions. Secondly, weak corporate AI governance is emerging as a major source of data leakage. A recent survey revealed that approximately 35% of businesses utilizing AI tools allow employees to input corporate data, often without adequate policies or controls. This practice exposes sensitive information to potential breaches, unauthorized access, and misuse by the AI models themselves or by third parties, creating a significant and often overlooked internal risk.

The remaining high-priority risks underscore the interconnectedness of the modern digital ecosystem. Supply chain vulnerabilities and third-party security gaps have become a focal point for attackers, who recognize that compromising a single, less-secure vendor can provide a backdoor into the networks of multiple, larger organizations. These attacks exploit the trust inherent in business relationships and can trigger a devastating chain reaction. Furthermore, an over-reliance on cloud infrastructure is creating single points of failure. While cloud services offer scalability and efficiency, concentrating critical data and operations with a single provider can amplify the impact of an outage or a security breach. Lastly, the proliferation of AI-enabled devices, from smart office assistants to IoT sensors, is expanding the attack surface. Many of these devices are designed with functionality rather than security as the primary consideration, making them attractive targets for hackers seeking to infiltrate corporate networks or create large-scale botnets.

3. The Preparedness Gap Between a Large Enterprise and an SME

The “Hong Kong Enterprise Cybersecurity Landscape” study sheds light on the varying levels of preparedness among local businesses, revealing a significant gap between Small and Medium-sized Enterprises (SMEs) and their larger counterparts. While the finding that nearly 70% of all enterprises have dedicated personnel for cybersecurity is a positive indicator of growing awareness, a closer look reveals disparities. Among large enterprises, a robust 95% have staff responsible for this function, with 59% having dedicated, specialized cybersecurity roles. In contrast, while 67% of SMEs assign cybersecurity responsibilities, only 26% have dedicated personnel, often relying on IT generalists to manage complex security tasks. This resource constraint directly impacts their ability to implement and manage advanced security measures. For instance, while 79% of large enterprises have adopted sophisticated email security solutions, only 48% of SMEs have done the same. The disparity is even more pronounced with advanced practices like Privileged Access Management (PAM), which is employed by 60% of large firms but only 29% of SMEs.

This divide extends to investment and strategic planning for cybersecurity. Over the past year, 41% of large enterprises increased their allocation of resources, including staff and tools, to cybersecurity, and 50% invested more in employee training. The figures for SMEs were considerably lower, at 13% and 12%, respectively. Looking ahead, this cautious investment trend among SMEs is set to continue. Only 5% of SMEs plan to hire additional cybersecurity personnel in the next 12 months, compared to 15% of large enterprises. Similarly, planned increases in training budgets (13% for SMEs vs. 38% for large firms) and overall cybersecurity budgets (13% vs. 36%) highlight a growing divergence in defensive capabilities. While SMEs are not ignoring the threats, their conservative approach to investment, likely driven by limited resources and competing business priorities, leaves them disproportionately vulnerable in an environment of escalating, AI-powered cyber threats, creating a weak link in the broader economic ecosystem.

4. Building a Resilient Cyber Defense Framework

In response to these findings, HKCERT outlined five key recommendations designed to help enterprises, particularly SMEs, fortify their defenses against the evolving threat landscape. The foundational step recommended was the formal assignment of cybersecurity responsibilities. Businesses were urged to designate specific employees, equipped with at least basic cybersecurity knowledge, to handle daily monitoring and incident response, ensuring clear accountability and timely action during a crisis. The second critical area addressed was the urgent need for robust AI governance and regulation. As organizations increasingly integrate AI tools and third-party platforms into their workflows, it became imperative to establish clear policies and operational guidelines. These policies needed to specify which AI tools were approved for use, define the scope of data that could be input, and outline procedures for responding to security incidents involving third-party vendors, thereby minimizing both operational and reputational risks.

The recommendations also emphasized a holistic, human-centric approach to security. A collaborative, staff-wide effort to prevent phishing attacks was identified as essential. This involved combining technical measures, such as advanced email filtering and mandatory multi-factor authentication, with the cultivation of a strong, organization-wide security culture. Enhancing cybersecurity awareness and providing regular, targeted training for all employees was another cornerstone of the proposed framework. This training needed to be tailored to different roles, especially those handling sensitive data, and reinforced with practical exercises like phishing simulations to reduce the likelihood of human error. Finally, strengthening core technical protection measures was presented as a non-negotiable requirement. Enterprises were advised to implement essential technologies, including comprehensive email security, robust data protection measures like encryption and regular backups, secure remote access mechanisms such as VPNs, and proactive security solutions like intrusion detection systems and firewall monitoring, creating a multi-layered defense capable of withstanding modern cyber threats.
