China is keen to improve its cybersecurity landscape with its new laws. Source: Shutterstock

China is keen to improve its cybersecurity landscape with its new laws. Source: Shutterstock

Is Beijing winning the fight against malware?

China has had a long battle with cybersecurity, and that’s led it to implement some fairly hardline measures.

In 2017, Beijing introduced strict cybersecurity laws which forced businesses, both local and multinationals, to share sensitive data, and utilize local IT infrastructure.

Driven by the overriding need to halt the growing risk of cybercrime affecting government organizations, enterprises, and individuals, China issued the Cyber Security Law (CSL) in 2017 to exert greater control over the country’s cyberspace.

The laws have since been updated, with Beijing pushing in new regulations to further strengthen governance over online activities and businesses’ databases. Compliance has also become a major focus of the country, where businesses have been asked to meet data localization requirements.

As a result of these measures, China’s cybersecurity has improved, but it does not mean that cybercrime is out of the picture. China still ranks fifth globally when it comes to financial malware attacks.

During the third quarter of 2019, about 1.2 percent of Chinese citizens were reported to have been breached.

According to Ben Wootliff, Head of the Asia cybersecurity practice at Control Risks, speaking to SCMP, this could be down to the high penetration of digital payments among the Chinese population, which is making local consumers attractive targets for criminals looking to deploy financial malware.

Despite strict rulings and laws, financial cybercrime is still rampant in China. If not further addressed, the situation can worsen and end up hindering the country as it scales up its digital payment capabilities.

However, China must think carefully how it continues its cybersecurity fight. Layering on more regulation may cause businesses that were forced to comply with such stringent regulations in the first place to question the credibility of Beijing’s cybersecurity laws.

While the laws have improved the country’s cyberspace defense systems, not everyone is happy to comply. The regulations essentially demand that multinational businesses cooperate with authoritative bodies by giving full access to their data.

In fact, before the core laws were enforced, global businesses had formed a coalition in response to the legislations citing violations of Beijing’s free-trade pledges and information security.

“There are still some ambiguities which are making it difficult for companies to operate, such as how much data they can export out of China, how and when to report issues around cybersecurity, and the level of security they should implement under the new regulations,” said Wootliff.

“These areas of ambiguity, combined with a tough enforcement regime, can still make it tricky for companies to operate.”

The world has evolved to be a little bit more digital each day, changing the way we work, play and pay – China is far from an exception.

While it is crucial for countries to arm themselves with the right cybersecurity measures, it is also important to impose laws that can effectively mitigate cyber risks and threats, while keeping businesses and citizens on-side as allies in the fight.