Hong Kong saw a record number of cyberattacks in 2025, with the total volume of digital incidents reaching an all-time high. Authorities warn that increasingly sophisticated tactics, including the use of AI, are making attacks harder to detect and defend against.
The total number of cyber incidents and system vulnerabilities detected last year reached 15,877, according to Edmond Lai Shiao-bun, chief digital officer of the Hong Kong Productivity Council. As per a report, Lai described the figure as a record for the city, reflecting both a rise in attacks and an expanding digital threat surface.
Phishing was the most common attack, accounting for 57% (8,973 cases) of all reported incidents. Lai added that the dominance of phishing attacks was directly linked to the global rise of AI, as fraudulent emails had become far more convincing and numerous.
“We are sure that hackers are exploiting AI to quickly generate large volumes of emails in accordance with the latest trends,” Lai said.
Global cybersecurity trends support Hong Kong's concerns.
We’ve previously reported how AI tools are being abused to enhance all stages of malicious attacks, including phishing, where threat actors use generative models to craft tailored and highly realistic messages.
Prepare for an onslaught
Lai also warned that firms’ growing use of AI posed new cybersecurity risks. He particularly flagged the use of the agentic AI systems, as they can automatically execute tasks such as replying to emails or opening websites.
“If the email an agent read contained a phishing link, it would be like an employee with no cybersecurity awareness clicking on it and providing the requested information,” Lai said.
While Lai presented the headline figures, a separate assessment from the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) outlined the five major cybersecurity risks expected to dominate the coming year.
Among the top concerns is the misuse of AI, including AI-driven attacks and the misuse of AI agents. The centre also warned of weak governance over AI adoption, saying companies were deploying AI tools without adequate security controls or oversight.
Supply-chain and third-party risks were another major concern identified by HKCERT, with attackers increasingly targeting vendors and service providers as indirect entry points into larger organizations. Over-reliance on cloud services was also flagged.
HKCERT further highlighted cybersecurity manpower shortages, noting that many organizations, particularly small and medium-sized enterprises, still lack dedicated cybersecurity teams.
Despite this, only a small percentage of organizations surveyed planned to increase cybersecurity staffing and training this year.
Urging firms to invest more in cybersecurity defences, Lai said clearer leadership direction was needed. “We need more top-down guidance on how to better use AI. This is an inevitable trend.”
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked