Latest news
  • In Memoriam


    Read more

  • Putting the Needs of Members First


    The Chinese New Year brings fresh strategic priorities. At the Danish-Chinese Business Forum, we...

    Read more

  • 3 Assumptions You Should Challenge if You Want to Be Successful at Virtual Collaboration


     Let’s get it out there right away: Virtual collaboration isn’t easy.

    Read more

  • Set the Right 'Rules of the Game' – and Succeed in Your Global Operations


    Does your company already operate internationally? Or are you planning new cross-border and...

    Read more

  • Highlights from E-commerce Crash Course


    In the fall 2017 DCBF held a crash course on e-commerce in China, hosted by Confederation of...

    Read more

How to Build a Security Programme for Your China Entity – Reducing Cyber Attacks and Fraud Risks in China

On the 9th of November, Danish-Chinese Business Forum held a Member Meeting looking closer into how to build a security programme for your China entity and how to reduce cyber attacks and fraud risks in China. The event was kindly hosted by Bird & Bird at their Headquarters in Copenhagen.

Cybercrime is one of the fastest growing risk and one of the top 3 concerns in many companies. China is one of the most active countries in state-sponsored or state-controlled cyber attacks against countries and companies.

Partners from Bird & Bird in Shanghai elaborated on how to manage risks from cyber attacks to fraud and corruption and speak about the current environment in China in regard to typical scenarios where corruption risks appear, and best practice approaches to make operations safer. Sven Michael-Werner started out by explaining the differences between the Chinese and the European courts' view on matters ranging from online bribery to the difficulty of termination of labor contracts in cases where hacking has happened from with-in the organisation. Ying Wang, also Partner at Bird & Bird, followed up on the labour issue with a presentation on the evidence treshold in case of labor arbitration in China.

The second company to present was PwC. Jørgen Sørensen, Partner at PwC (Cyber & Information Security), has 30+ years of experience of working as a consultant within IT audit, IT governance, operational risk and cyber/information security; more recently, he has expanded his focus to also include data privacy. His presentation included a thorough guide to the possible organisations behind cyber attacks and what they target. Using cases, such as the hacking of the airport in Hanoi, Vietnam, he explained how companies must prepare more for these new types of attacks.

He had three main suggestions to companies that operate in China (where fines for hacking are considerably smaller than in Europe):

  • Focus on WHO might pose threat to your company (Insiders, Hacktivists, Nation States)
  • Consider WHAT are the threat actors above targeting in your business ecosystem (Trade secrets, Financial data, Sensitive Assets)
  • Assess HOW threat actors might attempt to attack or gather information on your company (Cyber attacks, Open Source, Insiders)