The government has set up an array of computer hacking countermeasures for its systems after NSA whistleblower Edward Snowden went public, yet the Security Bureau has declined to specify what measures have been taken.

At the individual level, the city's personal data watchdog admits its own powers have no extra-territorial application to companies' situated outside Hong Kong.

"The Secretary for Security of the HKSAR Government has already requested the US Government to clarify on such reports in an effort to follow up on the matter and to protect the legal rights of Hong Kong people. The hacking of computer systems in Hong Kong by the US Government as reported in the news is an act of state for which the Privacy Commissioner for Personal Data has no jurisdiction to intervene and to follow up," a spokesman said.

"The SAR Government is anticipating the US Government to provide a full and satisfactory account to Hong Kong as soon as possible, and it will continue to follow up on the incident," was no progress at all, Legislative Council information technology lawmaker Charles Mok said.

The corporate response has given cyber security consultancies a shot in the arm in light of concerns over Hong Kong's data security, Deloitte Touche Enterprise Risk Service Associate Director Wilson Pang tells China Daily.

Pang said senior executives were asking their IT people what are the risks, concerned if they have enough protection or whether they are being hacked, yet local businesses are woefully unprepared.

"Many companies in HK believe internal networks are safe, but they are still vulnerable," he said, singling out financial institutions, internet business and the public sector such as utilities and government as most vulnerable.

"In Hong Kong, because people prefer to spend money on making more business than tackling cyber security, IT departments are under-budget, lacking the right solutions and people. We've taken on new clients, some big, some huge from all kinds of industries on cyber risk monitoring and responses, identity and access management, data leakage prevention and cyber risk governance," he said.

"The whole affair has helped push the market, but things won't change overnight," Pang said.

(HK Edition 10/11/2013 page4)