APAC faces rising cyber threats as AI fuels fraud

Experts warn APAC banks must balance compliance with innovation.

Asia-Pacific has become the most targeted region for cyberattacks, with financial institutions bearing the brunt of phishing and fraud attempts. According to Frankie Shuai, APAC Chief Information Security Officer at DWS Group of Deutsche Bank, the sector’s growing reliance on digital infrastructure has expanded its vulnerabilities.

He noted that the financial sector is the second most targeted globally, with “almost one in every four sub attacks” aimed at financial institutions.

The shift to digital platforms has expanded what Shuai described as the attack surface. “When our financial system and data are moving to the cloud, when our employees are connecting the corporate network at any time, at any place, and using any device, so called triple A,” he said. Growing digital touchpoints—from online transactions to supplier connections—are creating more entry points for cybercriminals.

Technology has not only accelerated banking innovation but also equipped criminals with more advanced tools. Shuai warned that phishing, malware, ransomware, and fraud are becoming more sophisticated with the use of artificial intelligence.

“When we are on the digital transformation journey, the bad guys are also on their digital transformation journey that could make use of AI and machine learning as an advantage in their attack campaigns as well,” he said.

He pointed to the rise of AI-generated phishing scams as a pressing concern. “Many years ago, we might receive some phishing or scam email that was tapped by a real hacker sitting at the other side of the world. But nowadays, such email could be easily drafted by the artificial intelligence AI, with much better grammar, tailored and broadcasted using AI as well.”

Regulators across APAC are now being urged to strengthen cyber rules. Shuai emphasised the need for proactive compliance strategies to protect financial institutions without stifling innovation.

Shuai argued that early integration of compliance measures is key. Agile approaches can also help institutions balance innovation and regulation. “If there's any mistake in the pilot phase, don't be afraid of it, but learn from it and fix it before going to the production.”