The financial fortress of Hong Kong today is up against one of the most pressing threats in this digital landscape – cyberattacks and financial crimes. The battle cry (going into the war field) against these underground criminals has taken on a proactive and defensive approach, as two crucial bills were launched and passed by the Hong Kong government recently.
The first bill is known as the ‘Protection of Critical Infrastructures (Computer Systems) Bill’, a legislation that was approved in March this year to bolster the security posture of critical computer systems within 2 categories of critical infrastructure – in which Category 1 consists of the banking sector and financial institutions along with other essential service providers like telecommunication services and energy. Preventing service disruptions and addressing the increased risk exposure to global attacks is a key agenda of this bill, which designates 3 key obligations or requirements to be fulfilled by the organizations’ respective CIOs. With this bill, it is expected that stricter cybersecurity requirements will be imposed as well as enforcement mechanisms to govern policies, processes and the overall systems architecture in place.
The second latest bill is called the ‘Banking (Amendment) Bill 2025’, aimed at countering financial crimes under the supervision of the Hong Kong Monetary Authority (HKMA). The government said this initiative calls for a new voluntary information-sharing mechanism among authorized institutions to fortify public protection against fraud and money laundering activities and assist efficient intelligence gathering – all part of identifying and mitigating illicit operations and any prohibited cash flow. The end goal is about preserving Hong Kong’s integrity, resilience, and stability as an international financial hub, while preventing its banking system from criminal exploitation.
Both bills are new counter measures in addition to HKMA’s ‘Cybersecurity Fortification Initiative (CFI)’ program introduced back in 2016 to improve local banks’ cybersecurity and their cyber risk management. Given all these regulatory oversight with extended scopes being rolled out by the government, questions may arise as to why efforts are continuously stepped up and implemented for the financial and banking sector, which has taken prominence in cyber governance and the fight against cybercrimes. Here’s why:
As an international financial hub that serves the wider APAC region and beyond, Hong Kong’s financial architecture is connected to the global financial system – hence any external threat to its stability will bring about ripple effects to the international monetary markets at large. Furthermore, in serving as a key fundraising and capital markets hub for the whole of Asia, one of the largest USD clearing hubs, the fourth-largest FX hub, and the largest global offshore RMB center, have all further cemented Hong Kong’s pivotal function in the worldwide economy and larger society outside of its own. (Source: Eddie Yue: Safeguarding the bottom line for security, facilitating high-quality development).
Multi-pronged goals with SASE
It has become quite clear that cyber resilience for the Hong Kong banking sector has an elevated importance, now more than ever. Banks can no longer rest on their laurels or afford lackluster cybersecurity policies as malicious attacks are not only on the rise but are becoming sophisticated in tactics engaged by the bad actors and the nature of the crime. The increased use of GenAI has also introduced additional cyber and data security risks such as data leakage and model inference attack (Source: emerging-risks-and-opportunities-of-generative-ai-for-banks.pdf)
To keep these risks and threats at bay, deploying a revolutionary solution that converges network and security services for a robust, secure, and agile infrastructure is the optimum consideration for financial institutions. The answer lies in the Secure Access Service Edge (SASE), a transformative framework and reference architecture that can support banks with simplifying their network complexity, optimizing use of their digital assets, while improving their cybersecurity posture.
A SASE implementation also involves the adoption of a Zero Trust Architecture with streamlined technology and consistent user policies. With centrally managed security policies for the entire network, this helps not only to simplify enforcement and configurations but also maintain a standardized security posture for banking institutions.
Additionally, SASE’s cloud-native approach enables the delivery of its networking and security elements via unified managed cloud services, thereby streamlining and bolstering the bank’s cloud security, significantly enhancing its security posture. It also supports flexible and rapid scalability required for growth in line with the bank’s expanded footprint – particularly relevant in the face of stiff competition where today’s traditional, physical banks are up against the new wave of digital banks; it was reported in a survey that over 97% of Hong Kongers trust digital banks’ security measures, and that digital bank account holders are willing to open more accounts with other digital banks (Source: Over 97% of Hong Kongers trust digital banks’ security measures | Hong Kong Business).
With SASE, banks can be assured of a centralized protection across a distributed workforce and have the power over employees’ authorized access of applications or data from anywhere (office, home, or remote) on any device, enabling flexible hybrid ways of working while maintaining security control aligned to the bank’s business needs and user requirements. As network performance within the bank is also key to lower latency of data transmission and enhance overall employee as well as customer experience, the SASE framework helps to optimize network traffic flow and improve network visibility.
Conclusion
As every financial institution is unique with its own needs based on their existing systems, policies and culture, adopting SASE is no cookie-cutter approach but more of a customized strategy. SASE is a broad, multi-faceted architecture. It takes well-established and well-known security concepts and restructures them into a unified cloud and Software-as-a-Service (SaaS) centric framework. This restructuring brings with it new complexities ranging from infrastructure design, build phase implementation plan, to run phase operation management.
Engaging an experienced solutions provider like Orange Business with the combined expertise of Orange Cyberdefense (ranked No.5 in the world’s top Managed Security Services providers) and market-leading partners can help banks derive the most from their SASE investment, ensuring customers receive the most optimum outcome when adopting the solution to mitigate security risks, minimize complexity and improve application performance.
After all, SASE does not only address the institution’s security requirements at scale but allows it to adopt a secure and robust digital infrastructure that is resilient and future-proof against service disruptions and preventative towards exposure to global attacks – which will perfectly be in support of the ‘Protection of Critical Infrastructures (Computer Systems) Bill’ agenda that is a mission priority by the government.
Recommended for you
Edmund is the General Manager of Orange Business Hong Kong and Taiwan. He is responsible for developing and managing our portfolio of business solutions for multinational enterprises and provides strategic direction to support the growth of Orange Business as the leading integrated communications provider in Hong Kong and Taiwan. Edmund likes having a whisky or two during his down time to unwind when he is not driving.