The Hong Kong Securities and Futures Commission has issued a circular calling on licensed firms to strengthen cybersecurity controls in response to emerging threats enabled by frontier artificial intelligence models. The warning is aimed at firms across the SFC perimeter, with particular emphasis on internet brokers and virtual asset trading platforms, and focuses on protecting systems, preventing unauthorised access to confidential client information, and safeguarding client assets from misappropriation. The circular says advances in AI could make cyberattacks more frequent, targeted and sophisticated, increasing the risk of operational disruption for firms, staff and clients. It highlights faster identification and exploitation of vulnerabilities, coordination of attacks across interconnected systems, and wider use of phishing, social engineering, deepfake impersonation and reconnaissance tools. Against that backdrop, licensed firms are urged to review and enhance patching and vulnerability management, detection and monitoring, and incident response and recovery. Hong Kong recorded a 27% rise in cyberattack incidents in 2025, to 15,877 from 12,536 in 2024. The SFC said cybersecurity remains a top supervisory focus and placed primary responsibility on senior management for firms' cyber resilience and the security of client assets. It plans further engagement with industry, technology service providers and local and overseas regulators, alongside webinars, thematic reviews of firms' preparedness and resilience, and supervisory action where needed.
Hong Kong Securities & Futures Commission, 2026-06-02
Hong Kong Securities and Futures Commission urges licensed firms to strengthen cybersecurity against frontier AI-enabled threats
The Hong Kong Securities and Futures Commission has issued a circular urging licensed firms, especially internet brokers and virtual asset trading platforms, to strengthen cybersecurity in response to emerging threats from frontier AI models. Citing rising cyber incidents and increasingly sophisticated AI-enabled attacks, the SFC calls for enhanced patching and vulnerability management, detection and monitoring, and incident response and recovery. It reiterates that senior management is primarily responsible for cyber resilience and will increase supervisory engagement, thematic reviews and enforcement where necessary.