Editorial | Harden the line on cybersecurity attacks in Hong Kong

A thorough investigation of the InvestHK ransomware attack should push authorities and businesses to step up their defences

Reading Time:2 minutes

Why you can trust SCMP

InvestHK says it has been following government procedures on information and cybersecurity. Photo: Shutterstock

SCMP Editorial

Published: 6:30am, 3 Mar 2025Updated: 2:57pm, 3 Mar 2025

Corrected [2:55pm, 3 Mar, 2025]

[2:55pm, 3 Mar, 2025]
An earlier version of this editorial stated that data had been lost in the InvestHK breach. That is incorrect. The story has been updated.

InvestHK has a critical strategic mission to draw and retain the foreign direct investment Hong Kong needs for economic development. So it was alarming to see the government agency among the growing list of cybercrime victims.

A thorough investigation is needed in a high-profile case that should push authorities and businesses to step up their defences.

It is good that the investment promotion body moved quickly after the February 22 ransomware attack.

Preliminary findings revealed the following day said the breach hit an internal customer relationship management system, intranet and website operations, including a contact form and events updates.

A spokesman said public services were unaffected and staff were able to help customers. Initial risk assessments indicated that basic information including client and staff details may have been exposed.

There is understandable concern about such personal information being compromised.

Last year, there were dozens of cyberattacks targeting statutory bodies and prominent companies.