The Hong Kong Securities and Futures Commission urges licensed institutions to guard against AI-driven emerging online threats.

On June 2nd, the Securities and Futures Commission of Hong Kong issued a circular requiring licensed institutions to strengthen their cybersecurity measures to address emerging threats driven by cutting-edge artificial intelligence (AI) models. The Securities and Futures Commission of Hong Kong stated that as cyberattacks continue to evolve in Hong Kong and globally, AI-driven network threats have become a major concern. It is worth noting that the number of overall cyberattack incidents in Hong Kong increased by double digits last year. In light of this, the Securities and Futures Commission warned licensed institutions in the circular that the rapid evolution of cutting-edge AI models could make cyberattacks more frequent, targeted, and sophisticated, potentially leading to significant operational disruptions and risks for the institutions, their employees, and clients. The Commission also noted that recent developments in AI make it easier and faster for malicious actors to identify and exploit system vulnerabilities, coordinate attacks across multiple interconnected systems, and launch large-scale attacks. At the same time, the increasing popularity of AI-driven tools lowers the barriers for malicious actors to conduct phishing, social engineering, deepfakes, impersonation, and reconnaissance. Therefore, the cybersecurity risks faced by licensed institutions are escalating. In the circular, the Securities and Futures Commission urged licensed institutions (particularly online brokers and virtual asset trading platforms) to implement robust measures and update them in a timely manner to protect their systems, prevent unauthorized access or disclosure of client confidential information, and safeguard client assets from being misappropriated. Furthermore, the Securities and Futures Commission listed areas within licensed institutions' cybersecurity framework that should be reviewed and strengthened to ensure timely updates and effective operation. These areas include patching and vulnerability management, detection and monitoring measures, as well as incident response and recovery. Dr. Yeung Chi Hang, Executive Director of Intermediaries at the Securities and Futures Commission of Hong Kong, stated, "Cybersecurity risks are a major challenge faced by the financial industry and have always been a regulatory focus for the Securities and Futures Commission in supervising licensed institutions. With cutting-edge AI models becoming increasingly powerful and widespread, AI-driven network threats are expected to rapidly escalate, making the detection and mitigation of these threats more complex. The senior management of licensed institutions should take up the primary responsibility to protect the resilience of their networks and safeguard client assets."