The stakes for cybersecurity in banking have never been higher, particularly in Asia, where a recent Moody’s report reveals a striking trend: 50 percent of bank CEOs have their compensation directly tied to cybersecurity performance. This trend comes as rapid AI adoption is transforming banking and unlocking new value. But this progress comes with significant cybersecurity risks and creates a clear challenge for CXOs – to strike a careful balance between speed and security as they accelerate their use of AI. Our research shows that 90 percent of global companies across industries lack the maturity to counter today’s AI-enabled threats, with almost 8 in 10 lacking the foundational data and AI security practices essential for protecting their critical infrastructure.

As cyber criminals grow more sophisticated, banks must shift their strategy. The focus can no longer solely be on threat prevention. Instead, it must evolve towards building resilience through enhanced detection, rapid response, and effective recovery capabilities. This strategy pivot requires a significant change in mindset that will be central in ensuring security in the AI era.

Cybersecurity in the Age of AI – three things banks can start doing now

Using digital twins to secure the core

The banking sector, an early adopter of digital technologies, now faces a unique challenge. Its aging core systems, a patchwork of decades-old fixes and upgrades, are simply not ready for a fast-moving AI-led environment and its rapidly evolving cyber threats. While modernization efforts are underway, the sector is massively trailing due to concerns around the risks of disrupting its foundational technology.

Banks can consider Digital Twin technologies to accelerate their modernization efforts, using these to test new architectures, validate the effectiveness of security measures, and ensure that the modernized core meets the required standards for security and performance.

Securing the ‘CIA’ triad with AI

Confidentiality, integrity, and availability are fundamental to safeguarding sensitive information. This means ensuring authorized access to sensitive data, maintaining information trustworthiness, and guaranteeing its accessibility and usability when needed. However, AI also presents new challenges, with sophisticated phishing emails and AI-led automated attacks increasingly compromising trust and access.

Banks can leverage AI to bolster access controls, enhance encryption, and optimize data storage practices. AI can also significantly improve threat detection and response times, predict potential security breaches, and automate security protocols to protect sensitive data.

Building Quantum resilience, now

Quantum computing is advancing rapidly, and it presents banks with a transformative opportunity to optimize portfolios, accelerate risk analysis, and refine models for pricing and insurance. Quantum communication technologies are also emerging as a cornerstone for future-proof cybersecurity infrastructures. However, these quantum technologies also pose a significant security risk. Soon, cybercriminals will likely abuse quantum computers to break traditional encryption methods. Banks must therefore begin transitioning to post-quantum cryptography (PQC) standards as soon as possible, both within their organizations and across their supply chain, while also investing in ecosystem R&D.

Investing in capability, culture, and mindset

Closing this technology gap hinges on addressing the skills shortage. Cybersecurity skills are in short supply across all industries. According to industry estimates quoted by World Economic Forum, APAC alone faces a deficit of 2.8 million to 4.8 million cybersecurity professionals. To bridge this gap, banks must invest in developing their talent, focusing on core cybersecurity skills and the application of AI for cyber defense.

Equally importantly is cultivating a robust security culture. Our research shows that only 33 percent of banks globally integrate cybersecurity considerations into transformation initiatives from the outset. Too often, security is an afterthought, bolted on in a patchwork fashion. Banks need to intentionally build a culture where security is perceived as everyone’s responsibility, not just of the IT department. This requires an always-on learning approach, training employees at every level to recognize and report potential security issues and equipping them with clear policies and procedures for incident handling.

Protecting the enterprise from cybersecurity risks has never been easy, and there is no silver bullet. In an AI-driven environment where risks are rapidly increasing and evolving, a proactive and holistic approach to cybersecurity is the only way forward. Given the escalating costs of weak defenses, the problem’s inherent complexity, the rapid pace of threat evolution, and the necessity for continuous investment, building robust cybersecurity defenses demands active C-suite sponsorship. Yet, a concerning statistic emerges: only one in five technology leaders in banks globally acknowledge that AI is outpacing their current security capabilities. For organizations to stay ahead in the cybersecurity battle, the C-suite mindsets must change, and it has to happen now.

Nicole Bodack is Banking Lead, APAC at Accenture. Nicole is a management and technology consulting executive with 18 years of experience working with leading financial services institutions across the globe. Based in Singapore, Nicole leads Accenture’s Capital Markets practice for Asia Pacific, Africa, the Middle East and Latin America. She is also responsible for the company’s Wealth and Asset Management business in the region. Nicole shaped and led numerous large-scale and complex transformation programs and provides pragmatic advisory services across Corporate & Investment Banking, Wealth Management and Asset Management firms.

Accenture