China has so far demonstrated poor awareness of its Internet vulnerabilities, a cyber security expert said on Aug. 16.

The warning came from Yan Hanbing, a senior engineer and deputy director of the National Computer Network Emergency Response Coordination Center, at a Tuesday forum on the sidelines of the 2016 China Internet Security Conference in Beijing. The conference was organized by IT company Qihoo 360, the Internet Society of China and the Cyber Security Association of China.

Citing data from China's National Vulnerability Database (CNVD), a government-backed Internet security monitoring platform, Yan said that over 200,000 vulnerabilities in general software or individual cases were found between 2009 and 2016. That number saw an especially steep rise between 2009 and 2014.

Yan added that non-governmental security monitoring platforms have been especially active in recent years, as the top three monitoring platforms were not associated with the government.

In April 2015, Qihoo 360’s monitoring platform, butian.360.cn, discovered that tens of millions of Chinese residents registered in the national social security system were at risk of personal information leaks due to system vulnerability, Global Times reported.

Meanwhile, a report published by a security center affiliated with Qihoo 360 showed that 43.9 percent of 2.3 million monitored websites were found to have vulnerabilities, and 12.3 percent had high-risk vulnerabilities as of November 2015, according to Global Times.

“It should be noted that the rising numbers do not indicate a less safe cyberspace, but rather demonstrate that China is now paying more attention to cyber security, dedicating more effort and investment to detecting vulnerabilities,” Yan noted.

However, many experts believe that the response to this large-scale detection of vulnerabilities has been inadequate. According to Yan, many Chinese Internet users and operators are slow to take action to fix the detected problems. Specifically, some 40 percent of government websites’ high-risk vulnerabilities were left unprotected even one month after their detection.