SFC Urges Licensed Firms to Guard Against Emerging AI-Enabled Cyber Threats

Hong Kong's Securities and Futures Commission issued a formal circular on June 2, 2026, explicitly placing AI-enabled cyber risk at the board and senior management level — not just IT — following a 27% surge in cyberattack incidents and the emergence of frontier AI-powered threats. The circular makes clear that senior management bears ultimate accountability for cyber resilience decisions, demanding that boards develop structured frameworks for assessing AI-driven operational risks rather than delegating them downward. For SEA mid-market CEOs, this represents a live regulatory signal that AI risk governance is now a board-level decision quality issue requiring scenario planning and explicit accountability.