HKCNSA CIO Luncheon 2.0 Successfully Held, Focusing on Regulatory Trends and Technological Innovation

On May 23, 2025, the Hong Kong China Network Security Association (HKCNSA) successfully hosted the CIO Luncheon 2.0 at the Nanhai No. 2 Banquet Hall. The event centered around the new critical infrastructure regulations set to be implemented by the Hong Kong government in 2026. It brought together experts and scholars from across sectors to explore how Hong Kong’s critical infrastructure operators can enhance cyber resilience through regulatory compliance and technological innovation in the face of escalating cyber threats.

The luncheon commenced with a welcome address by Mr. David Ip, Founding Chairman of HKCNSA. Mr. Ip emphasized that once the new ordinance comes into force in 2026, critical infrastructure operators (CIOs) in Hong Kong will face heightened compliance obligations and technical challenges. He reaffirmed the Association’s commitment to fostering cross-sector collaboration and knowledge exchange to help the industry prepare for the regulatory transition.

Mr. Terry Leung, General Manager of HCLSoftware North Asia, delivered the keynote speech titled “Navigating Hong Kong’s Digital Frontier: Blueprint for Resilient AI, Secure Operations, and Regulatory Compliance.” He provided an in-depth analysis of the ordinance’s key requirements, including the establishment of a Computer System Security Management Unit (CSSMU), annual risk assessments, biennial audits, and strict incident reporting timelines of 12 to 48 hours. Mr. Leung also shared how HCLSoftware’s automation platforms and application security testing tools can support CIOs in maintaining compliance and operational resilience in complex IT environments. He stressed that the new ordinance promotes a culture of “continuous compliance” and “resilient operations,” urging enterprises to build long-term security strategies rather than relying on one-off audits.

Keynote Speech by Mr. Terry Leung, General Manager, North Asia, HCLSoftware

Following the luncheon, a panel discussion was held under the theme “Navigating Ordinance Compliance: Challenges and Insights from the Financial Services Sector.” The session was moderated by Ms. Amaya Rousseau, Manager of Cybersecurity and Data Protection at SIA Partners. Panelists included Mr. Frankie Wong, Director of the Financial Services Cybersecurity Committee at HKCNSA and Head of Cybersecurity at The Bank of East Asia; Ms. Frankie Tam, Director of the Cyber Legal Policy Committee at HKCNSA and Partner at Eversheds Sutherland; and Ms. Tracy Poon, General Manager of the Technical Department at Octopus Cards Limited.

The panelists engaged in a deep discussion on the practical challenges of implementing the ordinance, such as establishing an effective CSSMU, integrating new requirements into existing governance frameworks, and aligning with the Cyber Resilience Assessment Framework (C-RAF). They also highlighted gaps in the ordinance, including the lack of clear guidance on third-party risk management (TPRM) and data classification. Looking ahead, the panelists anticipated that the ordinance would continue to evolve to address emerging technologies such as artificial intelligence (AI) and the Internet of Things (IoT). They called on the industry to proactively embrace innovation while developing agile compliance strategies to navigate the rapidly shifting threat landscape.

HKCNSA extended its sincere appreciation to its corporate members and strategic partners—HCLSoftware, SIA Partners, Veeam, Tenable, Threatbook, and Pure Storage—for their invaluable support. The luncheon not only enhanced industry understanding of the new ordinance but also served as a valuable platform for cross-sector dialogue and collaboration, reinforcing Hong Kong’s position as a cybersecurity hub in the Asia-Pacific region.

Looking ahead, HKCNSA will continue to host similar events to promote dialogue between policy and practice, support stakeholders in staying ahead of regulatory and technological trends, and work together to build a safer and more resilient digital Hong Kong.