HKCNSA Symposium 2026 Successfully Concluded, Exploring the Balance Between Compliance and Business Objectives in the Age of AI
- 秘書處

- Jun 29
- 5 min read
Updated: Jul 9

On June 25, 2026, the “HKCNSA Symposium 2026”, organised by the Hong Kong China Network Security Association (HKCNSA), was successfully held at The Ritz-Carlton, Hong Kong. Under the theme “Compliance vs. Achieving Business Objectives: From Data Privacy to AI Governance”, the symposium brought together experts from government, industry and academia to exchange insights on AI governance, data privacy, critical infrastructure protection and enterprise risk management.

In his welcome remarks, David Ip noted that since its establishment in 2023, the Association has connected over 1,000 individuals and 250 organisations, while continuing to promote industry exchange and research. He highlighted the completion of several local studies, including reports on cybersecurity talent and investment, reflecting the practical challenges faced by Hong Kong enterprises. The Association will continue to provide reference and insights through research and engagement platforms to support more targeted cybersecurity development.

Distinguished Guests Discuss AI Governance and Compliance
Representatives from government and regulatory bodies shared the latest policy directions, with a focus on AI governance frameworks and the advancement of critical infrastructure regulations. Ada Chung noted that AI is evolving from a tool supporting human decision-making into increasingly autonomous systems, bringing new privacy risks. She emphasised that data protection and AI governance have become fundamental to enterprise development, and recommended that organisations incorporate AI governance principles into their overall strategies to strengthen risk management.

Cari Wu stated that the Government is committed to accelerating the development of AI, while cultivating a secure ecosystem for its sustainable growth. She noted that the Committee on AI+ and Industry Development Strategy has been established to formulate strategies that create optimal conditions for AI to empower and transform various industries. In response to the growing adoption of AI technology, the Digital Policy Office will focus on launching several key AI-related cybersecurity initiatives in the second half of the year, to ensure the general public and organisations possess adequate security awareness and literacy needed to utilise AI safely.

Raymond Lam stated that Al is transforming cyberattack patterns by lowering entry barriers and accelerating threat dissemination. He pointed out that cyber threats are becoming increasingly large-scale and diverse, including phishing, vulnerability exploitation andmalware. In response, he emphasised the need to strengthen capabilities in secure by design, data source management and multi-stakeholder collaboration.

Morning Session: Data Sovereignty and AI Architecture
The morning sessions focused on the foundational role of data governance and enterprise architecture in the AI era.
Katherine Chiang, Corporate Communications Manager at Synology, delivered a keynote on “Data Sovereignty Infrastructure in the AI Era”, analysing trends such as data gravity, data sovereignty and data security, and discussing how enterprises can build controlled data foundations from edge to core to support AI applications and governance needs. Bill Ho, Chief Security Architect for Greater China & Mongolia at Veeam Software, presented on “Building an Agentic AI ready platform for an Enterprise”, outlining approaches for organisations to move towards autonomous AI systems and enhance control and risk management through data visibility, AI traceability and security mechanisms.


The first panel discussion on “Governing the Grid: AI integration and CI law” was moderated by Frankie Tam, Chairman of the Cyber Law and Policy Committee of HKCNSA, with speakers including Eric Wong, Wilson Tang, Welcome Chan and Eric Tang. The discussion centred on how organisations can address data leakage, compliance monitoring and cross-border regulatory challenges while adopting AI under the Critical Infrastructure (Computer Systems) framework.

Another panel on “What’s next for AI adoption in Banking & Finance sector and what’s the implication on security and data privacy?”, moderated by Michael Pang, featured Alex Chan, Emilia Leung, Karl Dondia and Tom Huang. The discussion focused on how financial institutions can address model transparency, cross-border data compliance and risk control in AI adoption.

Wilson Tang delivered a keynote on “The Path to CI Ordinance Compliance and Beyond”, discussing how organisations can move from baseline compliance towards greater cybersecurity resilience. We Siang Lim, Sales Engineering Manager for North Asia at SailPoint, presented on “AI Identity Tsunami: The Silent Explosion That's Destroying Your Attack Surface”, highlighting the rapid growth of digital identities driven by AI and automation.


Afternoon Sessions: Emerging Risks and Practical Challenges
The afternoon programme focused on emerging risks and practical challenges, particularly those associated with generative AI and agentic AI systems, across two parallel tracks.
In the first track, a panel on “Top Challenges for Operational Technology Operators” was moderated by Silvia Ihensekhien, Vice President of HKCNSA. Panelists included Rick Chan, Tracy Poon, Ben Fung and Ivan Lee. The discussion covered cybersecurity and operational risks in OT environments, as well as challenges arising from system integration and digital transformation.

Kawin Boonyapredee, CISO Advisor APJ at KnowBe4, delivered a keynote on “Guardians of the Grid: Securing Hong Kong’s Human-AI Hybrid Workforce”, highlighting emerging risks such as deepfakes and automated workflows, and the importance of employee training and awareness. Tony Lee, Head of Solution Engineering at TrendAI, presented on “The Challenges of Security in the Age of AI and the Solution”, analysing the limitations of existing security architectures and the shift towards continuous monitoring and validation.


In the second track, a panel on “Breaking Down Silos: Building Cross-Functional Teams That Deliver”, moderated by Chandy Ye, featured Filipa Santos, Claire Park, Gill Meller and David Chan. The discussion explored challenges in cross-functional collaboration across cybersecurity, privacy compliance and business operations, as well as practical approaches to improving coordination, incident response and balancing business needs with risk management.

Amy Lee, Sales Engineer at Jamf, delivered a keynote on “The Evolution of Modern Mobile Threats: From Phishing to Zero-Click Attacks”, analysing the growing role of enterprise mobile devices and evolving threats such as phishing attacks, supply chain compromise and zero-click exploits. Patrick Cheng, Senior Solutions Engineer, Security & Resilience Platforms at Dell Technologies, delivered a keynote on “The Strategic Advantage on Unlocking Cybersecurity & Resilience”, exploring how organisations can enhance security architecture and improve overall risk response capabilities in AI-driven and digital environments.


A panel on “Shadow AI & Generative Tool Misbehavior”, moderated by Erica Britton Johnson, featured Aaron Ang, Kinman Tsang, John Wan and Peggy Lau. Panelists noted the widespread use of generative AI tools in enterprises and emphasised the need to strengthen visibility, governance measures and user awareness.

Another panel on “Agentic AI Exposures”, moderated by Maneka Mishra, featured Naeem Ahmed, Andrew Pang, Josephine Knowles and Mike Fiechtner. The discussion explored governance, monitoring and accountability challenges arising from autonomous AI systems.

HKCNSA expresses its sincere gratitude to all speakers, sponsors, supporting organisations and participants for their involvement. The Association will continue to promote industry collaboration, advance cybersecurity innovation, and support the implementation of governance frameworks.





