Episode 83 with Wendy Chow, Nicky Au, and Pierre Malgorn 🎧

Hong Kong is stepping into a new era of cybersecurity regulation with the Protection of Critical Infrastructure Computer Systems Ordinance, set to take effect on January 1, 2026. What does this mean for businesses, and how will it reshape the city’s role as a global hub? In this episode of Regulatory Ramblings, host Ajay Shamdasani explores the ordinance’s implications, from compliance challenges to talent strategies and emerging threats like AI-powered attacks.

The conversation begins with Wendy Chow, Head of Digital Technologies and Data Infrastructure at Invest Hong Kong, who explains why the ordinance is a proactive measure to strengthen Hong Kong’s position as an international financial, shipping, and trading hub. Wendy outlines the eight designated sectors—banking, energy, healthcare, transport, IT, telecommunications, and broadcasting—and stresses that the law moves beyond voluntary best practices to a robust legal framework. She also shares how InvestHK is providing hands-on support and guidance to help businesses adapt, attract cybersecurity firms, and build local talent pipelines.

Later, Ajay is joined by Nicky Au, General Manager for Greater Bay Area at Ensign InfoSecurity, and Pierre Malgorn, APAC Director at I-TRACING Cybersecurity, for a deep dive into implementation strategies and board-level priorities. They discuss why risk-based approaches are essential, how to prepare for incident response and crisis communication, and why financial penalties alone won’t drive cultural change. Both experts emphasize that cybersecurity must be treated as a strategic business risk, requiring top-down commitment and continuous awareness training.

The segment also looks ahead to AI-driven threats and the evolving compliance landscape. Nicky and Pierre explain why mere regulatory box-ticking is no longer enough and how attackers are leveraging AI to scale breaches—while defenders must use AI for detection and response. They argue that real security demands agility, visibility, and proactive threat hunting, not just adherence to minimum standards.

About Our Guests:

Wendy Chow is Head of Digital Technologies and Data Infrastructure at InvestHK, with over two decades of experience helping global tech firms establish and grow in Hong Kong.

Nicky Au serves as General Manager for Greater Bay Area at Ensign InfoSecurity, specializing in cyber defense strategies and talent development.

Pierre Malgorn is APAC Director at I-TRACING, bringing deep expertise in governance, risk, and compliance advisory for critical infrastructure operators across Europe and Asia.

The Regulatory Ramblings is an award-winning podcast, honored with the Agora Award for Excellence in Podcasting, bestowed by the Compliance Podcasting Network for its outstanding contribution to thought leadership in compliance and fintech.

The podcast is brought to you by The University of Hong Kong’s Reg/Tech Lab (Building Better Financial Systems), HKU-SCF FinTech Academy, Asia Global Institute, and HKU-edX Professional Certificate in FinTech, with support from HKU Faculty of Law. The program is led by Douglas Arner and hosted by Ajay Shamdasani.

For more details and resources, visit: hkufintech.com/rr

HKU FinTech is the leading fintech research and education in Asia. Learn more at www.hkufintech.com.