Cyber Incidents in Hong Kong Up 49% in H1 2025.png

Hong Kong Records 8,142 Cybersecurity Incidents in First Half of 2025 as Phishing Dominates

DQS HK

Blog Author
Aug 01 , 2025

Hong Kong recorded 8,142 cyber incidents in the first half of 2025. Phishing remains the most prevalent threat and system intrusion losses have spiked. DQS HK offers ISO/IEC 27001, penetration testing, and incident response to help organizations proactively strengthen their defenses.

Situation Overview

In the first half of 2025, Hong Kong recorded 8,142 cyber security incidents, an increase of approximately 49% year-over-year. Analysis of over 360,000 threat intelligence items targeting Hong Kong shows the breakdown of active threat vectors as: phishing (47.6%), botnets (26%), vulnerabilities (17%), reconnaissance activities (5.2%), and malware (2.8%). Phishing remains the most active vector, with 28,241 malicious phishing URLs identified—up 47% from the prior period. Surveys indicate that 71% of large enterprises and 69% of small and medium-sized enterprises reported having experienced cyber attacks, underscoring the pervasive nature of exposure across organizational sizes.

 

 

Tech-Related Crimes and Economic Impact

Official policing data shows that Hong Kong logged 16,262 technology-related crime cases in the first two quarters of 2025, a slight increase of 0.5% year-over-year. The total financial loss associated with these cases exceeded HK$3.04 billion, up roughly 14.7%. Common modalities include e-commerce scams, phishing, and personal data theft, with the majority exhibiting cross-border and industrialized characteristics that complicate investigation and enforcement 

 

 

System Intrusions and Ransomware Trends

Although the number of reported system intrusion incidents declined to 21 cases (approximately 30% fewer than the prior year), the associated losses ballooned from about HK$3.3 million to HK$39.4 million. A single high-impact incident in June 2025—where a local financial institution was compromised without authorization and had over 3 million units of stablecoins and other crypto-assets illicitly transferred—resulted in a loss exceeding HK$26 million, driving the overall surge in intrusion-related damage.

On the ransomware front, there were also 21 reported incidents, with the highest ransom demand reaching HK$10 million. Some victim organizations opted to handle breaches discreetly due to reputational concerns, potentially causing official statistics to understate the full scope and impact.

 

 

Defense Gaps Revealed by Intelligence

During the period, law enforcement processed 16 million threat intelligence items, over 360,000 of which were specifically directed at Hong Kong. Analysis revealed systemic governance weaknesses in many targeted environments—insufficient remote access controls, unpatched firewalls and systems, and the absence of proactive threat detection mechanisms. These deficiencies have been exploited to amplify compromise and loss.

 

 

A Three-Layered Defense from Governance to Execution

Faced with the combined pressures of rising incident volume, concentrated losses, and limited visibility, single-point defenses are insufficient. DQS HK recommends organizations shore up their posture across three dimensions—governance, technology, and people—and offers the following core services to build comprehensive cyber resilience:

  1. ISO/IEC 27001: Establishes a formal governance framework to strengthen access control, vulnerability and patch management, monitoring, and continuous improvement.
  2. Penetration Testing: Simulates real-world attack paths to identify weakness in systems and applications ahead of adversaries, reducing the risk of catastrophic single-point failures.
  3. Incident Response Support: Provides structured processes and technical assistance in the event of ransomware or intrusion incidents to contain damage swiftly and preserve critical evidence.
  4. Security Awareness Training: Enhances employee capability to recognize phishing and social engineering threats, converting human risk into an active line of defense.
  5. Privacy Impact Assessment (PIA): Systematically evaluates data processing and potential leakage risks to reinforce personal data governance and compliance readiness.

This integrated approach improves early threat detection, strengthens mid-stage defense, and accelerates post-incident recovery and transparency, laying a foundation for enduring protection and trust.

 

 

Conclusion

Data from the first half of 2025 highlights that Hong Kong is grappling with both increased attack frequency and growing threat sophistication. Organizations that do not proactively close governance gaps, validate controls through testing, and establish robust incident response capabilities will struggle to maintain stability in the face of evolving cyber risk. 

 

 

Associated Services by DQS HK

Author

DQS HK

"In everything we do, we set the highest standards for quality and competence in every project. This makes our actions the benchmark for our industry, but also our own mission statement, which we renew every day"

You Might Also Enjoy These Reads

Discover more articles that dive deep into related themes and ideas.
Blog

AWS and Azure Are ISO 27001 Certified — But That Doesn't Mean Your Company Is

Read more
Blog

NIS-2 for Managing Directors: Duties, Liability, and Implementation

Read more
Blog

Why ISO 42001 is the Essential Strategic Upgrade to Your ISO 27001 Certification

Read more