At Sibos 2025 in Frankfurt, experts spanning multinational banks and fintechs explored the emergence of sophisticated cyberthreats. Bad actors are utilising AI, quantum, and machine learning to level up their attacks, but can financial institutions fight fire with fire? The panel ‘Navigating the intersection of technology and financial security’ explored how disruptive technologies will impact the fraud landscape.
Moderated by Julia Streets, founder and CEO of Streets Consulting, the panel featured Leigh-Ann Russell, chief information officer and global head of engineering at BNY; Ole Matthiessen, managing director at Deutsche Bank Singapore; Mashrur Arefin, managing director and CEO at City Bank; Lisa Lee, global lead for FSI at office of the CISO USA Microsoft; and Sudhir Pai, chief technology and innovation officer at Capgemini Australia.
Microsoft’s Lee kicked off the discussion on AI, describing it as an "augmentation" to their cybersecurity teams. Lee stated that AI can make it easier to visualise cybersecurity risks, and its use in fraud detection and monitoring can reduce the time it takes to resolve the problem:
"We can utilise AI to both model what a threat actor might do in our environment, we can look for threat actors or indicators of compromise in ways that we never thought before. We can ask Copilot or other AI tools to think about this vulnerability, what pieces of my environment might be most at risk."
"Every 30 seconds there is a cyberattack," Russell pointed out – emphasising the severity of the threat. She stated it is essential to embed AI anomaly detection into cybersecurity protocols. She added that BNY has integrated AI throughout their operations to keep up with the bad actors and establish a single platform to map out all their customer connections and transactions.
Pai claimed that the strongest firewall against AI is "a well-trained employee". He detailed that now that AI has entered the mainstream, social AI and enterprise AI can easily become conflated.
"There is the danger of employees creating this additional layer of vulnerability, because unlike other technologies, AI is a very different way of interaction. That adds another layer of risk," Pai explained.
Streets switched gears to ask if a quantum is a threat yet, and Lee responded that some technologies take, and stick to the industry, and others don’t - using metaverse as an example. She continued that there will be applications of quantum in the future and quantum-safe cryptography, but she does not believe yet that there will be a mass quantum migration.
Responding to a query on legacy, Pai stated that he has started to rethink the definition of legacy: "Legacy is now becoming a mindset as opposed to just looking at legacy as a technology. It would require awareness, it would require training, it would require many things."
Moving the conversation to resilience, Matthiessen stated that in a hyperconnected world, two key factors stand out when looking at resilience: the need to look at things from an end-to-end perspective, and how fast FIs can bounce back when something goes wrong.
Matthiessen added: "We should not only look at it from a technology perspective. We should look at it as a design process; how to design and find solutions such that we can ultimately empower and enable those processes through all the rise of the technology, but not focusing the dialogue purely on the technology itself."
Arefin agrees with Matthiesen on the rapid pace of the industry and added that "now is the time of microservices". He continued that banks and cybersecurity teams should learn from the agility of the bad actors, saying that they are synchronised and run operations in seconds, whilst banks take weeks to operate. "The different teams are working together. When you talk about resilience, if something has broken down, how fast can you stand up?"
Russell emphasised inter-industry collaboration when echoing the BNY CEO’s phrase: "resilience is commercial". She stated that there will always be cyberattacks, but there needs to be investment in people. Banks need to be able to bounce back from cyberattacks, but to maintain momentum there needs to be trust in the common framework and shared data ecosystem.
"If there's an incident, we have to reconnect with one with one another. If we don't have that common framework, and if we haven't invested in that common trust, then it's impossible to get those reconnections established," Russell said.
To end the panel, each speaker shared their thoughts on the future of the role of emerging technologies on the future of financial security, with a general consensus on the disruptive potential of AI and quantum, the need for proactive industry leaders, and that continuous learning can lead to a culture shift.