Hong Kong securities regulator warns licensed firms of AI-driven cyber threats

June 2 (Reuters) – Hong Kong’s securities regulator on Tuesday urged licensed firms to bolster their cybersecurity defenses, warning of a surge in increasingly advanced and targeted AI-driven cyber threats.

• In a circular, the Securities and Futures Commission said licensed firms, specifically internet brokers and virtual asset-trading platforms, should adopt up-to-date safeguards to prevent unauthorised access to client data and guard against asset misappropriation.

• Incidents of cyberattack increased 27% to 15,877 in 2025 from 12,536 in 2024, the body said, referring to data from the Hong Kong Computer Emergency Response Team Coordination Centre.

• The regulator said AI was enabling malicious actors to identify and exploit vulnerabilities faster and launch large-scale attacks, while lowering barriers to phishing and social engineering.

• The SFC also identified areas where companies can strengthen cybersecurity, including patching and vulnerability management, detection and monitoring, and incident response and recovery.

• Eric Yip, the SFC’s executive director of intermediaries, said senior management at licensed firms should take primary responsibility for cyber resilience and protecting client assets.

• Recently, global regulators have sounded similar alarms – Australia’s watchdog in late April and Japan’s banking authority in mid-May – over mounting risks tied to Anthropic’s new AI model, Mythos.

(Reporting by Shruti Agarwal in Bengaluru; Editing by Pooja Desai)