DBS CEO Fears Cyber Threats Above All

Source: cnbc.com

TL;DR

• Tan Su Shan: DBS CEO identifies cyberattacks as her top worry, calling it the new war due to unpredictability.
• DBS Approach: Bank uses continuous red teaming, stress tests, and a "trust nothing" mindset for cybersecurity.
• AI Risks: Generative and agentic AI boosts efficiency but expands attack surfaces, demanding strict data governance.

The story at a glance

DBS CEO Tan Su Shan told CNBC that cyber threats keep her up at night more than market volatility or geopolitics. She described DBS's response, including constant stress-testing and paranoia to counter evolving risks, especially from AI. This comes amid her bank's annual CONVERGE LIVE event in Singapore, as financial firms face rising cyber and AI challenges.

Key points

• Cyber threats are unpredictable, intertwining with geopolitics and AI advances, shifting how banks view risk.
• DBS adopts a "assume nothing, trust nothing, trust nobody" mindset for perpetual vigilance.
• Bank conducts ongoing "red teaming" by simulating attacks to find vulnerabilities first.
• AI, including generative and agentic types, offers productivity but lowers barriers for sophisticated threats and widens attack surfaces.
• DBS enforces data lifecycle management with controls for access, auditability, and transparency in AI systems.
• Broader volatility from pandemics, tariffs, and conflicts like the Iran war pushes resilience in supply chains and cybersecurity.
• Institutions should prepare playbooks with redundancy and contingency plans.

Details and context

Tan Su Shan spoke on the sidelines of DBS's annual CONVERGE LIVE event in Singapore. She stressed deliberate paranoia separates cybersecurity winners from losers, especially as AI touches production systems like customer-facing banking infrastructure.

DBS builds guardrails around AI to protect sensitive data and core operations. This includes monitoring data from creation to deletion.

The cyber environment ties to external shocks, forcing banks to rethink payment systems and supply chains with backups and alternatives.

Key quotes

"Cyber security. I think the new war is cyber. So what keeps me awake at night is cyber. It's who's going to attack who, and how it's going to happen, how people will get affected," DBS CEO Tan Su Shan told CNBC.

"Assume nothing, trust nothing, trust nobody," she said, describing DBS's internal cybersecurity approach.

Why it matters

Cyber threats now rival traditional risks for banks, amplified by AI and geopolitics. Financial firms like DBS must balance AI's efficiency gains against new vulnerabilities in interconnected systems. Watch how banks deploy AI guardrails and stress tests amid ongoing attacks.

FAQ

Q: Why does DBS CEO Tan Su Shan worry most about cyber threats?

A: She calls cyber the new war due to its unpredictability, uncertainty over attackers and methods, and potential widespread impact. This tops concerns like market volatility or geopolitical shocks. Banks now face constant, evolving risks requiring vigilance.

Q: How does DBS handle cybersecurity?

A: DBS uses continuous red teaming to simulate attacks, fosters a culture of deliberate paranoia, and applies a "trust nothing" mindset. The goal is to spot vulnerabilities before real attackers do. This counters AI-lowered barriers for threats.

Q: What risks does AI pose for banks according to Tan?

A: Generative and agentic AI expands attack surfaces, especially in production systems touching customers or core infrastructure. It brings efficiency but demands guardrails, data governance, and lifecycle management. Safeguards ensure safe adoption.

Q: What broader resilience steps does Tan recommend?

A: Banks should build redundancy, alternative pathways, and contingency playbooks for shocks like supply disruptions or conflicts. Prepare for the worst while hoping for the best. This applies to cybersecurity and operations alike.