Cybersecurity and Privacy | Protiviti – Hong Kong


Cybersecurity Awareness Month

October is Cybersecurity Awareness Month. This year the theme is “Do Your Part. BeCyberSmart.” During October, we’ll help you understand your cybersecurity and privacy priorities with relevant webinars, articles, videos, and tips.


Cybersecurity Webinar Series

Protiviti’s cyber specialists from around the world are lending their expertise to our webinar series. Click below to register, and don’t miss Australia’s session Is Your Business Equipped to Deal with a Ransomware Attack?


Sign Up Now


Cybersecurity Articles and Blogs


Cybersecurity challenges demand an Organisation to face two facts. First, the protection of critical company and customer information is a business requirement to protect the company’s reputation and enterprise value. Second, even the best programme will experience failure and expose some information the company would like to protect.

At Protiviti, we believe confidence in data security and privacy does not come from knowing nothing will happen, it is achieved by knowing all the things that can happen and preparing both proactive and reactive solutions. This holistic approach starts by understanding what is most important to you and then structuring and supporting the cyber programme so that your business is engineered to grow securely.


Protiviti's Competitive Advantages in Technology Consulting

Technical and Business Risk is in Protiviti's DNA

  • Deep experience in understanding and assessing information, technical and business risk across diverse industries.
  • Risk and control specialists can assist in assessing technical and business risk as well as in advising the appropriate controls.

Deep Expertise in IT Security and Cybersecurity

  • Protiviti has extensive experience in IT security, cybersecurity privacy assessment and advisory.
  • Our staff has strong credentials and qualifications in security assessment, implementation, and operations.
  • Our past experience allows us to deliver strong advisory services along with strong security operations.

Global Experts

  • Protiviti has hundreds of cybersecurity consulting experts worldwide with information security, privacy, and industry expertise in various industries. We work across the financial services industry, manufacturing & distribution, and consumer services, to name a few.
  • Protiviti project teams can and will leverage all experience and capability from experts across 85 offices in 27 countries having extensive experience in working with multinational corporations.


Explore Our Latest Insights

China Cybersecurity Law - Compliance Assessment

Incident Response and Investigation Services

Payment Card Industry Data Security Standards

Privileged Access Management Assessment and Advisory

Web Application Penetration Testing

Cybersecurity Maturity Assessment Services


We provide cybersecurity solutions tailored to your organisation’s unique needs and industry in the following areas:

IT Specialised Audit

  • Often part of the overall audit programme
  • More in-depth and technical than Information Technology General (ITGC) audit
  • Often focused on a specific part of IT operations

Security Assessment & Compliance

  • International Security Standard: ISO/IEC 2700x and NIST Cybersecurity Framework
  • Privacy Regulations: Hong Kong Personal Data (Privacy) Ordinance, European GDPR
  • Payment Card Security Standard: PCI DSS 3.2
  • Other regulations/standards: China Cybersecurity Law

Technical Security Assessment

  • Vulnerability scan and penetration test
  • Source code review
  • Phishing and social engineering test
  • Red team simulation

Security Framework Design

  • Design and revision of cybersecurity strategy and programme
  • Design and revision of security policies such as data and information classification
  • Design, revision and implementation of security procedures
  • Design and rolling out of cybersecurity incident response plan

Security Implementation

  • Server and operating system (OS) hardening review and upgrade
  • Network security architecture design and review (including IDS/IPS, SIEM)
  • Security tools design and implementation support

Security Operation

  • Security resource augmentation
  • Security operation outsourcing 
  • Security incident monitoring and response