HKCNSA Cybersecurity Symposium 2026: Navigating Compliance and Business Development in the AI Era
- 秘書處

- 1 day ago
- 7 min read
Reprinted from IT Pro

Organized by the Hong Kong China Network Security Association (HKCNSA), the Cybersecurity Symposium 2026 was successfully held recently, bringing together industry leaders, cybersecurity professionals, government representatives and technology experts to discuss artificial intelligence governance, data privacy, critical infrastructure protection, and enterprise risk management.
In his opening remarks, David Ip, Founding Chairman of HKCNSA, said:
"The Association has connected more than 1,000 individual members and 250 organizations and continues to promote industry collaboration and research. This year's symposium brought together executives from organizations including HKEX, Standard Chartered Bank and MTR Corporation to share insights and experiences, helping participants understand how different sectors are responding to emerging challenges."
Technology Organization with the Largest Legal Talent Community
David Ip noted that the Association has completed a number of local research projects in recent years, including studies on cybersecurity talent and cybersecurity investment. These reports reflect the practical challenges Hong Kong enterprises face in workforce planning and cybersecurity decision-making.
The Association will continue to provide industry reference points through research initiatives and knowledge-sharing platforms, helping drive more targeted cybersecurity development.

He noted that AI is still in a period of rapid development. Similar to the early development of electric vehicles, safety standards continue to evolve long after new technologies are introduced to the market. As a result, technology vendors around the world are investing heavily in research, development and acquisitions in order to deliver comprehensive AI security solutions.

The Association has also become one of Hong Kong's technology organizations with the largest concentration of members from legal and compliance backgrounds, while establishing partnerships with numerous non-profit organizations, educational institutions, media organizations and mainland organizations.
A New Era of AI Governance and Compliance
Ada Chung, Privacy Commissioner for Personal Data, Office of the Privacy Commissioner for Personal Data, noted that artificial intelligence is evolving from a tool that supports human decision-making into systems with greater autonomy, creating new privacy risks.
She emphasized that data protection and AI governance have become essential foundations for business development. Organizations should integrate AI governance principles into their overall strategies as they expand AI adoption, strengthening risk management capabilities along the way.

Government Focus on AI Innovation and Cybersecurity
Cari Wu, Deputy Commissioner (Digital Infrastructure), Digital Policy Office, Innovation, Technology and Industry Bureau, explained that the Government is working to strike a balance between AI innovation and cybersecurity protection.
She highlighted the establishment of the "AI+" Strategy Committee, which aims to promote AI adoption across industries, accelerate the commercialization of research outcomes, and strengthen local computing capabilities to support large-scale AI projects.
Facing emerging cyber threats associated with AI technologies, Cari Wu stressed the importance of establishing effective governance frameworks and enhancing industry collaboration. The Government is planning various AI-related cybersecurity initiatives to improve organizational resilience and protection capabilities, supporting the development of a secure and sustainable digital ecosystem in Hong Kong.

AI is Transforming the Cyber Threat Landscape
Raymond Lam, Chief Superintendent of Cyber Security and Technology Crime Bureau, Hong Kong Police Force, stated that cyber threats are becoming increasingly large-scale and diversified, including phishing attacks, vulnerability exploitation and malware activities.
In response to changes brought about by AI, he emphasized the importance of security-by-design principles, responsible data governance and cross-sector collaboration.
Raymond Lam further noted that AI technologies are changing the nature of cyberattacks by lowering attack barriers and accelerating the spread of cyber threats.

Critical Infrastructure Regulation and Future Implications
Wilson Tang, Vice Chairman of HKCNSA, delivered a presentation entitled "The Path to Critical Infrastructure Ordinance Compliance and Beyond", examining how organizations can move beyond basic compliance requirements and enhance cyber resilience under the Protection of Critical Infrastructure (Computer Systems) Ordinance.
Wilson Tang commented that this year's symposium featured increased participation from government departments, enabling more practical and meaningful dialogue between regulators and industry practitioners.

He said:"At first glance, the new ordinance may not appear directly connected to AI. However, many critical infrastructure operators rely on AI-assisted analysis and intelligence. It is important to clearly define AI as a supporting tool. Ultimately, decisions and accountability must remain with human beings. For this reason, the quality and accuracy of AI-generated information become extremely important. Inaccurate information can lead to incorrect decisions."
He added:"Over the past three years, the Association has gained broad recognition and growing expectations from the community. We expect to launch more practical initiatives that deliver direct benefits to different sectors. We hope more professionals will join us in strengthening Hong Kong's cybersecurity capabilities."
Industry Participants Discuss Current Challenges
Strengthening Collaboration to Improve Security Risk Management
Josephine Knowles, Human Risk Management Manager at CLP Power, is responsible for cybersecurity awareness and staff training across the organization.
Having attended the symposium for three consecutive years, she commented:
"Our company encourages employees to make good use of AI, and technological development is advancing rapidly. That is why I attend the symposium every year. I am particularly interested in AI security, agentic AI and digital regulation, and I am always eager to learn more."

Although she does not come from a technical background, she expressed strong interest in how people, processes and technologies can work together effectively.
She particularly valued the expert panel discussions, where participants explored how organizations can establish effective communication and collaboration mechanisms across different teams to strengthen protection, reduce risk and minimize losses.
As a representative of a public utility company, she emphasized the importance of helping colleagues avoid mistakes and putting the interests of Hong Kong citizens first.
"Imagine how frustrating it would be if a customer's personal information were misused. In today's complex geopolitical environment and with increasingly frequent cyberattacks around the world, we must ensure a stable power supply and protect people's lives and property. I hope to gain more cybersecurity knowledge, especially in AI security, to support CLP's future AI initiatives."
Building the Foundation for AI Readiness
Artificial intelligence remains one of the most significant drivers of global technology development.
Kinman Tsang, Head of IT Digital Solutions and Infrastructure at Maxim's Group, explained that his primary reason for attending the symposium was to understand the latest trends and practical applications of AI in information security.

He noted that Maxim's Group is actively modernizing its IT infrastructure through open-source technologies and multi-cloud architectures, creating a more flexible and scalable foundation for future AI adoption.
Beyond infrastructure transformation, the company is focused on improving AI literacy among employees, particularly frontline staff, helping them identify sensitive information such as customer and membership data and avoid entering such information into public AI platforms.
Tsang added that Maxim's Group is currently consolidating and streamlining applications across its various restaurant brands to improve operational efficiency and customer experience.
He believes the mobile application ecosystem may undergo significant structural changes over the next decade.
"Many enterprises operate multiple mobile applications. Maintaining, upgrading and securing those applications requires considerable resources. By moving toward ecosystem models such as WeChat Mini Programs or LINE platforms, organizations can integrate ordering and payment services through a single platform, simplifying management while improving maintenance efficiency and security."
Using Eatizen as an example, he noted that a single platform is already capable of supporting multiple service functions.
Banking Sector: Taking a Proactive Approach to AI Risk Management
Frank Ip, Head of Enterprise Risk Management in the banking sector, praised this year's symposium for both its content and attendance.
With more than 30 years of experience in financial services, telecommunications and cybersecurity, he believes the discussions addressed many of the industry's most pressing concerns.
"Incidents often occur unexpectedly. There is no checklist that guarantees complete protection. Listening to experts share their experiences in crisis management, operational response and executive reporting after incidents has been extremely valuable. Equally important is establishing effective response mechanisms with industry peers to help safeguard Hong Kong's financial services sector."

Another key topic discussed during the symposium was the Protection of Critical Infrastructure (Computer Systems) Ordinance, which came into effect earlier this year.
Frank Ip believes the ordinance clearly defines security requirements and helps raise awareness of risk management across different sectors.
"We all understand that risks cannot be completely eliminated. What matters is having the courage to face those risks, ensuring colleagues are prepared, and minimizing potential impact in the safest and most appropriate manner."
When discussing AI, he emphasized:
"A bank's most important asset is its reputation. Therefore, we place particular emphasis on security compliance and adopt new technologies carefully. At the same time, we maintain a positive attitude toward AI, proactively addressing AI-related risks and taking a long-term perspective on the opportunities and benefits AI may bring."
Additional Sessions Featuring Industry Experts

The panel discussion, "AI Integration and Critical Infrastructure Compliance", was moderated by Frankie Tam, Director of Cyber Legal Policy Committee of HKCNSA. Panelists included Eric Wong and Wilson Tang, Vice Chairmen of HKCNSA; Welcome Chan, Head (Risk & Compliance), Risk Management Department, Hong Kong Interbank Clearing Limited; and Eric Tang, Regional Business Director of HCLSoftware.

Another panel discussion, "What’s Next for AI Adoption in Banking & Finance Sector and What’s the Implication on Security and Data Privacy?", featured Alex Chan, Assistant Privacy Commissioner (Compliance, Global Affairs and Research), Office of the Privacy Commissioner for Personal Data; Emilia Leung, Group Data Protection Officer of Hong Kong Exchanges and Clearing Limited; Karl Dondia, Lead, Data Protection at Standard Chartered; and Tom Huang, Head of Technology and Operational Risk Management at Livi Bank.











Source of Information
This content is sourced from an exclusive interview by IT Pro. Original article link:
The above is translated based on the original article. If any part is inconsistent with the original meaning or requires amendment, please contact the Association.



