Rethinking cybersecurity: How APAC banks can safeguard against AI-powered threats

As cyber criminals grow more sophisticated, banks must shift their strategy.

The stakes for cybersecurity in banking have never been higher, particularly in Asia, where a recent Moody's report reveals a striking trend: 50% of bank CEOs have their compensation directly tied to cybersecurity performance.

This trend comes as rapid artificial intelligence (AI) adoption is transforming banking and unlocking new value. But this progress comes with significant cybersecurity risks and creates a clear challenge for CXOs – to strike a careful balance between speed and security as they accelerate their use of AI.

Research showed that 90% of global companies across industries lack the maturity to counter today’s AI-enabled threats, with almost eight in 10 lacking the foundational data and AI security practices essential for protecting their critical infrastructure.

As cyber criminals grow more sophisticated, banks must shift their strategy. The focus can no longer solely be on threat prevention. Instead, it must evolve towards building resilience through enhanced detection, rapid response, and effective recovery capabilities.

This strategy pivot requires a significant change in mindset that will be central in ensuring security in the AI era.

Cybersecurity in the age of AI – three things banks can start doing now

Using digital twins to secure the core 
The banking sector, an early adopter of digital technologies, now faces a unique challenge. Its aging core systems, a patchwork of decades-old fixes and upgrades, are simply not ready for a fast-moving AI-led environment and its rapidly evolving cyber threats.

Whilst modernisation efforts are underway, the sector is massively trailing due to concerns around the risks of disrupting its foundational technology.

Banks can consider Digital Twin technologies to accelerate their modernisation efforts using these to test new architectures, validate the effectiveness of security measures and ensure that the modernized core meets the required standards for security and performance.

Securing the ‘CIA’ triad with AI
Confidentiality, integrity, and availability are fundamental to safeguarding sensitive information. This means ensuring authorised access to sensitive data, maintaining information trustworthiness, and guaranteeing its accessibility and usability when needed.

However, AI also presents new challenges, with sophisticated phishing emails and AI-led automated attacks increasingly compromising trust and access.

Banks can leverage AI to bolster access controls, enhance encryption, and optimise data storage practices. AI can also significantly improve threat detection and response times, predict potential security breaches, and automate security protocols to protect sensitive data.

Building quantum resilience, now 
Quantum computing is advancing rapidly, and it presents banks with a transformative opportunity to optimise portfolios, accelerate risk analysis and refine models for pricing and insurance.

Quantum communication technologies are also emerging as a cornerstone for future-proof cybersecurity infrastructures. However, these quantum technologies also pose a significant security risk.

Soon, cybercriminals will likely abuse quantum computers to break traditional encryption methods. Banks must therefore begin transitioning to post-quantum cryptography (PQC) standards as soon as possible, both within their organisations and across their supply chain, whilst also investing in ecosystem R&D.

Investing in capability, culture and mindset
Closing this technology gap hinges on addressing the skills shortage. Cybersecurity skills are in short supply across all industries.

According to industry estimates quoted by the World Economic Forum, APAC alone faces a deficit of 2.8 million to 4.8 million cybersecurity professionals. To bridge this gap, banks must invest in developing their talent, focusing on core cybersecurity skills and the application of AI for cyber defense.

Equally importantly is cultivating a robust security culture. A separate research shows that only 33% of banks globally integrate cybersecurity considerations into transformation initiatives from the outset.

Too often, security is an afterthought, bolted on in a patchwork fashion. Banks need to intentionally build a culture where security is perceived as everyone’s responsibility, not just of the IT department.

This requires an always-on learning approach, training employees at every level to recognise and report potential security issues and equipping them with clear policies and procedures for incident handling.

Protecting the enterprise from cybersecurity risks has never been easy, and there is no silver bullet. In an AI-driven environment where risks are rapidly increasing and evolving, a proactive and holistic approach to cybersecurity is the only way forward.

Given the escalating costs of weak defences, the problem's inherent complexity, the rapid pace of threat evolution, and the necessity for continuous investment, building robust cybersecurity defences demand active C-suite sponsorship. Yet, a concerning statistic emerges: only one in five technology leaders in banks globally acknowledge that AI is outpacing their current security capabilities.

For organisations to stay ahead in the cybersecurity battle, the C-suite mindsets must change, and it has to happen now.