Cyber Security Budgets of Chinese firms continue to Lag: EY

Almost 75 per cent of Chinese companies cannot fully handle cybersecurity challenges, against the backdrop of an increase in ransomware, distributed denial-of-service (DDoS) attacks and other types of online threats.

According to the 2021 EY Global Information Security Survey, the changes brought about by COVID-19 and new legal and regulatory compliance requirements have left organisations in a state of flux, constantly grappling with cybersecurity requirements.

Three quarters of Chinese respondents, or 75 per cent, are not sure whether their cybersecurity defenses are adequate to respond to hackers, according to the EY survey. The survey covered 1,400 experts and senior officials from 1,010 companies from March to May 2021.

The survey needs to be seen in the context of a spate of cyber attacks across the world, after the pandemic.

“As cybersecurity issues become more serious, the information security function of an organization is more valued than ever,” said Helen Wang, EY China Consulting leader.

Low Budgets

However, company security teams are facing challenges such as a lack of senior management attention, budget shortfalls, regulatory fragmentation and cross-function communication breakdowns. They are often struggling with the gap between cybersecurity needs and funding, the report said.

Although nearly 67 per cent, or two-thirds, of Chinese respondents say that the number of destructive cyber attacks, such as ransomware, has increased in the past 12 months, the budget for dealing with cybersecurity risks is still quite low, according to EY.

The lack of budgets is like tying one hand behind the back when one is in a fight. At the same time, information security teams are facing compliance challenges with the increasing complexity of the global compliance environment as companies embrace globalisation.

Regulations

In China, several new laws have already been released, such as China’s Cybersecurity Law, Data Security Law and Personal Information Protection Law.

China’s Standing Committee of the National People’s Congress announced the Personal Information Protection Law of the People’s Republic of China (PIPL) on August 20, 2021, which will come into effect on November 1, 2021.

As China’s first law specifically regulating the protection of personal information, the PIPL will have a direct and far-reaching impact on the protection of personal information rights of individuals, as well as data privacy compliance of enterprises.

Moreover, together with the Cybersecurity Law of the People’s Republic of China and the Data Security Law of the People’s Republic of China, the PIPL is building up a more complete, comprehensive, and systematic legal framework in China’s information protection and cybersecurity field.

The law, similar to Europe’s General Data Protection Regulation (GDPR), requires companies to justify their data collection and provide consumers with the right to access or delete their information, experts said.

Regulation compliance is challenging, particularly as information becomes ubiquitous and travels internationally, EY said.
