Business

Hong Kong regulator warns AI is accelerating cyber threats for brokers

Hong Kong’s top markets watchdog warned that AI is making phishing, deepfakes and account takeovers cheaper to launch and harder for brokers to stop.

Sarah Chen··2 min read
Published
Listen to this article0:00 min
Hong Kong regulator warns AI is accelerating cyber threats for brokers
AI-generated illustration

Hong Kong’s markets watchdog warned licensed firms that frontier AI is lowering the cost of cybercrime just as it raises the speed and precision of attacks, putting internet brokers and virtual-asset platforms squarely in the crosshairs. The Securities and Futures Commission said its new circular is meant to push firms to harden defenses against account takeover, fraud and asset misappropriation before AI-driven attacks outpace existing controls.

The circular, issued on June 2, 2026, was titled “Enhanced cybersecurity measures to address evolving risks arising from artificial intelligence-enabled cyberattacks.” It called on firms to review patching and vulnerability management, detection and monitoring systems, and incident-response and recovery plans. The SFC also said senior management must take primary responsibility for cyber resilience and protecting client assets, making clear that the issue belongs at board level, not only in IT departments.

AI-generated illustration
AI-generated illustration

The warning lands against a stark statistical backdrop. Hong Kong cyberattack incidents rose 27% to 15,877 in 2025 from 12,536 in 2024, according to figures cited from the Hong Kong Computer Emergency Response Team Coordination Centre. HKCERT described the 15,877 incidents as a record high in its Hong Kong Cybersecurity Outlook 2026 and said AI-related threats and supply-chain vulnerabilities were among the major risks expected to emerge in 2026. The Hong Kong Productivity Council repeated the same warning, underscoring how quickly the threat environment is shifting.

For regulators, the concern is no longer just volume but sophistication. AI tools can help attackers generate faster phishing campaigns, automate reconnaissance, tailor social engineering and produce deepfake impersonation that is harder for staff and customers to spot. That matters most for firms that handle sensitive client information and can suffer direct losses if defenses lag behind increasingly automated attacks. The SFC said the warning is especially relevant to internet brokers and virtual-asset trading platforms, two businesses that sit at the intersection of finance, data and real-time customer access.

The move also fits a broader regulatory trend in which AI is being treated as a cyber-risk multiplier rather than only a productivity tool. On the same day, the SFC’s circulars page also listed guidance on the provision of Relevant Stablecoin service by virtual asset trading platforms and licensed corporations, highlighting how closely the regulator is watching digital-asset activity. For Hong Kong, where confidence in market infrastructure is a core part of its role as a financial hub, the message was blunt: cyber resilience is now part of market integrity and client-asset protection.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in Business