Biz / Tech

Cybersecurity defenses lacking in many companies, says survey

Zhu Shenshen
Three quarters of Chinese companies can't fully handle cybersecurity challenges, according to a report by EY.
Zhu Shenshen

Three quarters of Chinese companies can't fully handle cybersecurity challenges, with evolving threats such as increasing online attacks, changes due to COVID-19 and new requirements for law and regulation compliance, EY said in a recent report.

Companies are encouraged to invest more in cybersecurity, and take proactive action to turn crises into opportunities.

Three quarters of Chinese respondents, or 75 percent, are not sure whether their cybersecurity defenses are adequate to respond to hackers, according to the 2021 EY Global Information Security Survey.

The survey covered 1,400 experts and senior officials from 1,010 companies from March to May 2021.

"As cybersecurity issues become more serious, the information security function of an organization is more valued than ever," said Helen Wang, EY China Consulting leader.

But company security teams are facing challenges such as a lack of senior management attention, budget shortfalls, regulatory fragmentation and cross-function communication breakdowns. They are often struggling with the gap between cybersecurity needs and funding.

Although nearly two-thirds or 67 percent of Chinese respondents say that the number of destructive cyber attacks, such as ransomware, have increased in the past 12 months, the budget for dealing with cybersecurity risks is still quite low, according to EY.

Information security teams are facing compliance challenges with the increasing complexity of the global compliance environment.

In China, several new laws have been released already such as China's Cybersecurity Law, Data Security Law and Personal Information Protection Law.

Last month, China passed its first Personal Information Protection Law to prevent businesses collecting sensitive personal data and to crack down on crimes like online fraud and data theft.

The law, which will take effect in November, is expected to improve data security and management in the world's second-biggest economy with more than 1 billion netizens. It may bring challenges and changes for tech giants and big companies, which highly depend on data-driven business.

The law, similar to Europe's General Data Protection Regulation (GDPR), requires companies to justify their data collection and provide consumers with the right to access or delete their information, experts said.

Regulation compliance is challenging, particularly as information becomes ubiquitous and travels internationally, EY said.

Special Reports