The new rules are likely to include the use of two-step authentication when logging in to systems, and a requirement to tell clients when a transaction has been made, a spokesman for the Commission told Customs Today.
The changes are likely to be made within the SFC's code of conduct, which will mean they do not need new legislation, the spokesman said.
A consultation on the draft rules will be published in the second quarter of this year, customs Today reported.
Hong Kong's Monetary Authority introduced new cybersecurity obligations for banks in May last year, while Hong Kong's privacy commissioner Stephen Wong Kai-yi said at the time that changes to EU data protection laws and advancements in technology will prompt a review of Hong Kong's own data protection regime over the next 18 months.