Large companies in Greater China seem to disregard the legal and reputational risks from tech failure, tech bias, and data leaks.
According to a report titled “How to prevail when technology fails: Building resilience into your tech strategy” by global law firm Hogan Lovells, less than half (39%) of large corporations in Greater China are sufficiently prepared for the legal risks or reputational damage arising from tech failure, tech bias, and data leaks. The report was based on a survey of 130 business leaders in Asia.
Seventy percent of companies surveyed in Hong Kong, and 60% in Greater China, do not have an up-to-date response plan (updated within the last two years) in case of a cyberattack or data leak. This resonates in Japan with 82%, whereas Singapore fares better, with over two-thirds of respondents (69%) stating that they have adequate processes in place.
Furthermore, 90% of businesses responding to the survey in Hong Kong (the highest in the Asia region) do not involve their legal teams in creating cyber response plans.
“Businesses in Greater China must carefully consider how to mitigate the risks. Boards and the C-Suite should be involved in identifying risks, and collaboration with legal teams and privacy specialists is key. Protection measures can be complex, but the cost of doing so pales in comparison to the opportunity technology can provide and the cost of not being prepared if your tech fails or is attacked,” said Chris Dobby, a Hong Kong-based partner in Hogan Lovells’ litigation, arbitration, and employment practice.
The report noted that these issues can be a legal minefield, with privacy concerns considered the most important ethical issue in developing and deploying the technology. It applies to cloud technology areas — particularly topical following the COVID-19 pandemic, which has spurred increased investment in cloud services. The report revealed that three-quarters of companies in Greater China, and 71% in the broader Asia region, intend to boost investment in the cloud by 2022.
While 54% of Greater China respondents see technology as a core part of their growth strategy, only 32% are more than somewhat confident that their senior executives understand all the potential legal risks.
Despite a growing reliance on technology platforms provided by partners or third parties, nearly three-quarters (74%) of businesses surveyed in Greater China do not routinely check if all their suppliers have adequate cybersecurity credentials. This despite understanding that not doing so could weaken their own IT defenses. This compares with 67% in Singapore and a significantly lower 44% in Japan.
Privacy concerns also extend to smart IoT devices, such as wearables and “smart home” products, and technologies using artificial intelligence, which may store and share a vast amount of data. Yet the majority of businesses (78% in Greater China and 81% in Hong Kong — the highest in Asia) do not involve privacy specialists from the outset of product development discussions, which means they could inadvertently breach data privacy regulations when they develop or update products.
As “privacy by design” becomes part of Asia's compliance considerations, regulators will expect businesses to do better on this score.
“We would encourage all companies across Asia to consider their protection measures for a potential cybersecurity incident, including their cybersecurity preparedness, incident response, notification requirements, and litigation and regulatory enforcement risks,” said Antonia Croke, a partner in the litigation, arbitration, and employment practice at Hogan Lovells in Hong Kong.
Image credit: iStockphoto/Viktoria Nikitina