Hong Kong SFC warns licensed firms on AI-enabled cyber threats
Hong Kong's Securities and Futures Commission issued a circular urging licensed firms to bolster cybersecurity against emerging AI-enabled threats. The regulator noted a 27% rise in cyberattacks in Hong Kong last year and warned that frontier AI models enable more frequent, targeted, and sophisticated attacks.
The Securities and Futures Commission (SFC) today issued a circular calling on licensed firms to strengthen cybersecurity measures against emerging threats enabled by frontier artificial intelligence (AI) models. The action comes as cyberattacks continue to evolve locally and globally, with Hong Kong recording a 27% increase in overall cyberattack incidents last year to 15,877, according to data from the Hong Kong Computer Emergency Response Team Coordination Centre.
The SFC warns that fast-advancing frontier AI models have the potential to enable more frequent, targeted, and sophisticated cyberattacks, which could result in significant operational disruptions and risks for licensed firms, their staff, and clients. Recent advancements in AI have made it easier for malicious actors to identify and exploit system vulnerabilities at a faster pace, coordinate attacks across multiple interconnected systems, and orchestrate large-scale attacks.
The proliferation of AI-enabled tools lowers barriers for malicious actors to engage in phishing, social engineering, deepfake impersonation, and reconnaissance. Consequently, licensed firms are exposed to heightened cybersecurity risks.
The SFC urges licensed firms, especially internet brokers and virtual asset trading platforms, to implement robust and up-to-date measures to protect their systems, prevent unauthorized access or disclosure of confidential client information, and safeguard client assets against misappropriation.
The circular sets out areas for licensed firms to review and enhance their cybersecurity frameworks, including patching and vulnerability management, detection and monitoring measures, as well as incident response and recovery. Dr Eric Yip, the SFC's Executive Director of Intermediaries, stated that cybersecurity risk remains a top supervisory focus and that senior management should shoulder primary responsibilities in gatekeeping firms' cyber resilience and the security of client assets.
The SFC will continue to engage with the industry, technology service providers, and local and overseas regulators on this issue. As part of its ongoing efforts, the SFC will organize webinars to raise industry awareness, conduct thematic reviews to assess licensed firms' preparedness and resilience in responding to cybersecurity incidents and attacks, and take appropriate supervisory action in response to these evolving risks.