Almost 75 per cent of Chinese companies can’t fully handle cybersecurity challenges, against a backdrop of increasing ransomware, DDoS and other types of online threats.
According to the 2021 EY Global Information Security Survey, the increased changes due to COVID-19 and new legal and regulatory compliance requirements have left organisations grappling with cybersecurity requirements. Three quarters of Chinese respondents, or 75 per cent, are not sure whether their cybersecurity defenses are adequate to respond to hackers, according to the EY survey. The survey covered 1,400 experts and senior officials from 1,010 companies from March to May 2021.
“As cybersecurity issues become more serious, the information security function of an organization is more valued than ever,” said Helen Wang, EY China Consulting leader. Companies are encouraged to invest more in cybersecurity, and take proactive action to turn crises into opportunities.
Low Budgets
However, company security teams are facing challenges such as a lack of senior management attention, budget shortfalls, regulatory fragmentation and cross-function communication breakdowns. They are often struggling with the gap between cybersecurity needs and funding, the report said. Although nearly 67 per cent, or two-thirds, of Chinese respondents say that the number of destructive cyber attacks, such as ransomware, has increased in the past 12 months, the budget for dealing with cybersecurity risks is still quite low, according to EY. The lack of budget is like tying one hand behind your back in a fight.
At the same time, information security teams face compliance challenges from the increasing complexity of the global compliance environment as companies embrace globalisation. In China, several new laws have already been released, such as China’s Cybersecurity Law, Data Security Law and Personal Information Protection Law.
China’s Standing Committee of the National People’s Congress announced the Personal Information Protection Law of the People’s Republic of China (PIPL) on August 20, 2021, which will come into effect on November 1, 2021. As China’s first law specifically regulating the protection of personal information, the PIPL will have a direct and far-reaching impact on the protection of personal information rights of individuals, as well as data privacy compliance of enterprises. Moreover, together with the Cybersecurity Law of the People’s Republic of China and the Data Security Law of the People’s Republic of China, the PIPL is building up a more complete, comprehensive and systematic legal framework in China’s information protection and cybersecurity field.
The law, similar to Europe’s General Data Protection Regulation (GDPR), requires companies to justify their data collection and provide consumers with the right to access or delete their information, experts said. Regulation compliance is challenging, particularly as information becomes ubiquitous and travels internationally, EY said.
Globally, cybercrime is expected to hit $6 trillion in 2021 and up to $10.5 trillion annually by 2025, as users keep ignoring firms’ notices and warnings in financial transactions. This data is based on Cybersecurity Ventures research.
The law, which will take effect in November, is expected to improve data security and management in the world’s second-biggest economy, which has more than 1 billion netizens. It may bring challenges and changes for tech giants and big companies, which depend heavily on data-driven business.