Firms need to hire ‘intellectually curious’ talent to boost cyber defence

They also need to invest strategically in security and adapt culture from the top down, experts said.

Industry experts urge financial institutions to hire eager learners to temper the widening cyber threat landscape, as budgets have grown from 6% to 8% of IT spending to 10% to 12%.

“The kind of people we need to hire are probably slightly different. We need people who are intellectually curious, not scared about the new tools,” Angelo Roxas, Managing Director, Group Retail and Channels Technology and Operations, United Overseas Bank, told the audience of Asian Banking & Finance and Insurance Asia Summit in Singapore, today.

In insurance, spending is also rising. 

“It’s not the traditional skill sets we are looking at. We are looking at cyber risk, threat hunters, predictive analytics,” Sourabh Chitrachar, Regional Vice President for Asia Technology Strategy & Operations at Liberty Mutual, also said in the panel. 

Similarly, Frankie Shuai, APAC Chief Information Security Officer, DWS Group of Deutsche Bank recalled a robotics project where operations staff were trained directly, revealing untapped talent and improving outcomes. 

“For the first time, they felt they were not forgotten. They are part of the digital journey,” Shuai said.

Financial institutions face widening cyber threats as artificial intelligence (AI) becomes more deeply embedded in banking, asset management and insurance. 

At the panel, moderated by Li Yun Seah, Asean Banking & Capital Markets Leader, EY, industry leaders warned that adopting new technologies without caution could expose firms to risks they are not prepared to handle. 

Their solution: invest strategically in security, adapt culture from the top down, and place equal weight on technology and people.

Shuai said technology adoption follows cycles. Cloud computing was once hailed as the universal solution, but years later, many firms still run critical systems on-premise. 

“Do not just blindly go to AI,” Shuai cautioned. “There’s no right or wrong. Find the most useful use cases for you when you deploy technology,"

Shuai also stressed the unequal burden of cyber defence: “Out of 100 cyber attacks, as long as they win one, the bad guys can claim victory. For us defenders, we must win 100 out of 100 times,"

AI against threats and defences
Whilst AI promises efficiency, it also accelerates risk. Shuai noted that phishing emails once betrayed themselves through poor grammar. 

“With just three seconds of your voice, current AI technology is able to generate a much longer fake audio,” Shuai warned, pointing to the vulnerability of voice-based banking authentication.

Roxas echoed the need for structured defence. His team runs weekly “ideation sessions” with senior stakeholders to stress-test initiatives. 

“They look at the solutions. and question: what is the threat from a customer perspective, how does technology get impacted, what are the attack vectors? That challenges us to embed resilience at the design phase,"

As Chitrachar said, awareness and explainability are becoming just as critical as firewalls and threat detection.