AI-related Attacks and Supply Chain Risks Emerge as Top Concerns Nearly 30% of Enterprises Lack Dedicated Cybersecurity Personnel

HONG KONG SAR - Media OutReach Newswire - 28 January 2026 - The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), under the Hong Kong Productivity Council (HKPC), today hosted a media briefing to officially release the annual "Hong Kong Cybersecurity Outlook 2026". The report reveals that cyberattacks have become more automated, targeted, and destructive with the rapid proliferation of Artificial Intelligence (AI) technologies, posing significant threats to business operations and information security. A record high 15,877 cybersecurity incidents were recorded in Hong Kong in 2025, marking a 27% year-on-year increase. The report also highlights five key cybersecurity risks expected to emerge in 2026, mainly under AI-related threats and supply chain vulnerabilities. HKCERT also released the findings of the "Hong Kong Enterprise Cybersecurity Landscape", which analyses the current state of local enterprises' cybersecurity defences and resource allocation in the face of cyber risks. The study covered 622 enterprises (including 544 SMEs and 78 large enterprises) and interviewed 50 cybersecurity service providers to assess the key factors businesses consider when selecting cybersecurity services. The findings reveal that nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance local businesses place on cybersecurity. Many SMEs have also begun strengthening their security measures, demonstrating a proactive awareness of cyber threats. However, they were behind large enterprises in terms of technology deployment and resource allocation. Moreover, around 35% of businesses using AI would enter corporate data into AI tools, suggesting that there is still room for improvement in local overall defence capabilities and AI governance awareness. Mr Edmond LAI, Chief Digital Officer of HKPC, stated, "The proliferation of AI can drive innovation, but it can also become a powerful tool for hackers, making cyber threats stealthier and more scalable. Our report indicates a lack of governance in corporate use of AI tools. In particular, the limited resources and knowledge of SMEs may limit their full understanding of the potential risks involved. Moreover, supply chain attacks have become the weakest link in enterprise security, where a single vendor's vulnerability can trigger a chain reaction of crises, even if the enterprises have robust protective measures. To address these challenges, enterprises must shift from passive response to proactive deployment, starting with establishing clear AI usage guidelines and audit mechanisms, and deeply integrating them into the overall cybersecurity strategy". Overview of Cybersecurity Incidents in 2025: Phishing Accounts for Nearly 60% – Record-High Number of Cases According to the latest statistics from HKCERT, a total of 15,877 cybersecurity incidents were reported in 2025, marking a new record high. Among them, phishing attacks remained the most prominent threat, accounting for nearly 60% (57%) of total cases. The rise of generative AI has made phishing messages increasingly realistic and harder to detect, further amplifying the associated risks. Attack delivery methods have expanded beyond traditional email to social media or instant messaging platforms (such as WhatsApp) (34%) and cryptocurrency platforms (18%). In parallel, cases involving vulnerable systems also saw a sharp increase, with 2,328 incidents (15%), representing a more than 3.5-fold rise compared to the previous year. This suggests that attackers are actively exploiting misconfigurations and unpatched system vulnerabilities. Meanwhile, botnet-related incidents remained steady at 18%. While stable in number, botnets are notoriously difficult to eradicate completely, representing a long-term latent threat. Top 5 Cybersecurity Risks in 2026 Based on industry expert analysis and HKPC's ongoing research into the local business environment, and considering industry trends and technological developments, HKCERT predicts that the following five cybersecurity risks will pose significant challenges to businesses in 2026:

1. AI-Driven Attacks and Agentic AI Risks
2. Weak AI Governance of Enterprises Increases Data Leakage Risks
3. Supply Chain Vulnerabilities and Third-Party Security Gaps
4. Over-Reliance on Cloud Infrastructure Creates Single Points of Failure
5. Emerging Threats from AI-Enabled Devices

30% of Enterprises Lack Dedicated Cybersecurity Staff, SMEs Lag in Defense and Investment "The Hong Kong Enterprise Cybersecurity Landscape" reveals nearly 70% of enterprises have dedicated cybersecurity personnel, showing the increasing importance place on cybersecurity. By company size, 67% of SMEs have personnel responsible for cybersecurity, and 95% of large enterprises do. Among them, 26% of SMEs have dedicated...