Governance Regulation, Lastest Topics, Popular News, Regulatory Updates
SFC flags cybersecurity incidents involving licensed firms and resulting business disruptions in thematic review report
10
Feb
Feb
The Securities and Futures Commission (SFC) has reported a concerning trend of material cybersecurity incidents affecting licensed corporations in Hong Kong, resulting in significant business disruptions and unauthorized access to client accounts. In its 2023/24 Thematic Cybersecurity Review, the SFC documented eight notable breaches from 2021 to 2024, often linked to vulnerabilities such as outdated software and weak encryption methods. These incidents highlight a lack of adequate senior management oversight and cybersecurity controls. To combat rising cyber threats, the SFC has outlined expected conduct standards for licensed firms regarding phishing prevention, software management, and cloud security. Dr. Eric Yip emphasized the need for senior management to prioritize cybersecurity to protect both their firms and clients. The SFC will also host webinars on cybersecurity threats and plans to conduct a comprehensive review of existing cybersecurity requirements in 2025 to establish a standardized industry framework. Resources: https://apps.sfc.hk/edistributionWeb/gateway/EN/news-and-announcements/news/doc?refNo=25PR15
