Hong Kong SFC Warns Licensed Firms of Rising AI-Driven Cyberattacks

Hong Kong's Securities and Futures Commission (SFC) on June 2, 2026, urged licensed firms to upgrade cybersecurity defenses, warning that artificial intelligence is fueling more advanced and targeted attacks. The directive specifically highlighted risks for internet brokers and virtual asset-trading platforms. Cyberattacks in the city jumped 27% to 15,877 in 2025 from 12,536 in 2024, the SFC said, citing local data. The regulator noted that AI allows malicious actors to exploit vulnerabilities faster, launch large-scale attacks, and reduce the difficulty of phishing and social engineering. It called on firms to adopt up-to-date safeguards to guard against unauthorized client data access and asset misappropriation. Eric Yip, the SFC's executive director of intermediaries, said senior management must assume primary responsibility for cyber resilience. The regulator also identified key areas for improvement: patching, vulnerability management, detection, monitoring, and incident response. Similar warnings have been issued globally, with regulators in Australia and Japan recently flagging risks tied to new AI models.