Hong Kong & Singapore upbeat on AI despite cyber risk

QBE Asia has published a global survey on cyber risks and artificial intelligence, finding that businesses in Hong Kong and Singapore are more optimistic about AI than the global average.

The study covered 6,016 business decision-makers in 15 markets and focused on companies with 100 to 2,000 employees. It found that 96% of respondents in Hong Kong and 97% in Singapore expect AI to have a positive effect on their business over the next two years, compared with 92% globally.

That optimism comes alongside high cyber exposure. Around 59% of businesses in Hong Kong and 61% in Singapore said they had experienced at least one cyber event in the past year, slightly above the global figure of 58%.

Supply chain risks stood out in both markets. Some 43% of businesses in Hong Kong and 42% in Singapore had suffered an attack linked to a supplier, compared with 32% globally.

Concern about supplier-related risks was also stronger in Asia's two financial hubs. Some 64% of Hong Kong business leaders and 78% in Singapore said they were concerned about cyber risks arising from suppliers' use of AI, versus 63% globally.

Hong Kong priorities

In Hong Kong, the main reason for using AI was to increase operational awareness, cited by 56% of respondents. Other leading objectives were increasing operational agility, named by 43%, and driving revenue growth, identified by 26%.

On safeguards, Hong Kong respondents most often pointed to impact assessments. Some 45% said they were using that measure to improve AI safety, while 41% cited staff training and the same share highlighted ensuring data quality.

Despite broader concerns about cyber threats, 27% of Hong Kong businesses reported at least one AI-related cyber event in the past year. That was below the global average of 29%.

Singapore picture

Businesses in Singapore reported a different set of AI priorities. The most commonly cited goal was increasing productivity, named by 54% of respondents. Another 40% said they were focusing on innovation, while the same proportion were seeking a competitive advantage.

On AI safety, staff training ranked first in Singapore, with 50% of businesses identifying it as a key measure. Ensuring data quality and human oversight were each cited by 46%, while 42% said they were conducting impact assessments.

Singapore also recorded the highest rate of AI-related cyber incidents in the survey. Some 39% of businesses there said they had experienced at least one such event in the past year, higher than in any other market covered by the research.

Insurance gaps

The findings also pointed to gaps in cyber insurance cover. In Hong Kong, 22% of companies said they did not have cyber insurance, matching the global figure. In Singapore, the proportion was 18%.

Several sectors appeared more exposed than others. In construction, 47% of Hong Kong firms and 36% of Singapore firms said they lacked cyber insurance. In manufacturing, the figure was 27% in Hong Kong and 25% in Singapore.

Response planning was another weak point. Some 13% of Hong Kong companies and 15% of Singapore companies did not have a cyber response plan in place, compared with 14% globally.

Business interruption remains a material issue when incidents occur. Some 18% of Hong Kong businesses and 19% in Singapore said a cyber event had resulted in one or more days of disruption, versus 21% globally.

The research also highlighted the methods businesses face most often. Phishing was the most frequently reported attack method in both markets, cited by 48% of respondents in Hong Kong and 54% in Singapore. Attacks targeting identity vulnerabilities or entry points, AI-generated malware, deepfakes and voice phishing were also widely reported.

The findings suggest that enthusiasm for AI adoption is not reducing concern about cyber threats. Instead, businesses appear to be balancing the commercial gains from AI with the need for stronger internal controls, staff awareness and closer scrutiny of suppliers.

Sam Russell-Vick, Regional Cyber Lead at QBE Asia, said the supplier risk findings showed companies can no longer focus solely on their own cyber defences.

"They must now consider the cyber vulnerabilities of their suppliers, as perpetrators exploit weaknesses that arise with such partnerships," he said.

He added: "Our survey confirms that while AI is widely seen as a noteworthy business enabler, it is also a serious threat."

On the consequences of attacks, Russell-Vick said: "Should a cyber event happen, the fallout from this will severely impact businesses, operationally and financially - and may ultimately cause damage to their prized customers. It is therefore imperative that all companies, irrespective of size or location, understand their cyber exposures, and take appropriate measures to fully protect their businesses from these."