In the United Kingdom, just as in Hong Kong, there may not be such laws and penalties. That is why the information security business in the States is so active. Please note that "Talk Talk" is a UK-based telecom company which has been hacked several times recently.
In my opinion, hardening your networks or systems from a sysadmin's point of view is totally different from doing so from an attacker's point of view. Most sysadmins do not know attacks in depth, including some sysadmins in the USA. Therefore, there is a risk in hardening your networks or systems from a sysadmin's point of view.
Here are my slogans: (1) If you do not know the attack, how can you know the defense? (未知攻,焉知防?) and (2) Think like a criminal and act as a professional.