-->

Strengthening Bank Cybersecurity in the Age of AI

Banks today face cybersecurity challenges that are increasingly complex, compounded by the sophisticated nature of threats and the integration of artificial intelligence into their organization’s operations.


By Noah Moravec


PUBLISHED APRIL 2024

In fact, the International Monetary Fund warned just this month that banks are highly exposed to cyber incidents, and a severe attack could cause loss of confidence and disruption of services, with the potential for significant impact to the economy. As a result, companies are facing a growing demand for enhanced threat detection and monitoring, driven by the rise of ransomware, model evasion, and data poisoning. 

Navigating this complex landscape requires a nuanced approach to risk management and mitigation. The rise of AI in banking, while promising, necessitates responsible management of the new risks it introduces. As bank leaders navigate the AI era, here are a few considerations to enhance cyber protection and monitoring.

Creating a Culture of Cybersecurity

Fostering a culture of cybersecurity awareness starts with leadership. Leaders must prioritize staying informed of emerging cyber threats and establishing AI risk-assessment frameworks. Regular communication with relevant stakeholders, including senior leadership, IT teams, data scientists, engineers, and legal counsel, among others, is crucial. Leaders should also provide continuous security and threat awareness education and training to all employees who leverage and deploy AI algorithms. 

In addition, it’s essential that security is integrated into the product-development life cycle from the outset. This approach not only enhances security but also aligns with regulatory expectations and mitigates potential threats proactively. Organizations should govern data management, establish formal governance for data asset management, and prevent privacy vulnerabilities. It is also important to stay compliant by maintaining transparent and timely reporting of security threat incidents.

Finally, enhancing board and executive oversight is critical. This involves strengthening the oversight of security risk management, strategy, and governance at the board and executive level. Regular communication and reporting between executives, management, and the board will foster a proactive approach to identifying, monitoring, and mitigating potential security threats. 

Mitigating Risk in AI Adoption 

The adoption of AI comes with inherent risks, including issues related to data management, operational dependencies, and the potential for misuse of AI technologies. To mitigate these risks, it is imperative to establish a robust “trusted AI” governance framework. This framework should encompass formal processes for identifying and assessing risks, ensuring visibility of AI across business functions, and promoting continuous training for stakeholders to ensure safe, ethical, and responsible AI usage. It is also critical to maintain transparency into third party vendors’ AI use to ensure they meet security and privacy standards. 

Managing these risks requires a comprehensive understanding of each AI deployment, adaptation of existing risk frameworks to incorporate emerging AI tools and trends, and a focus on monitoring outcomes and identifying model risk threats. 

Advantages of AI in Cybersecurity 

AI can play a pivotal role by offering the ability to monitor and reduce threats through real-time analysis and response to potential cybersecurity incidents. Using AI, companies can detect abnormalities such as excessive logins, unauthorized new users, or transactions from unusual locations. AI models can be trained with a knowledge base that predicts outcomes and recommends next steps for system administrators. 

One of the most valuable advantages of leveraging AI in cybersecurity is the ability to automate repetitive tasks such as analyzing event logs and account monitoring. This enables cybersecurity teams to spend more time on strategy development, upskilling, and threat mitigation. AI systems can also be trained to “remember” previous events that required action, enabling it to predict and prepare for future events while streamlining threat responses.

While organizations of all sizes can benefit from using AI for cybersecurity, small- and medium-sized businesses stand to gain the most. Sustaining a sophisticated cybersecurity operation can be an expensive endeavor, and smaller organizations might lack the resources to stand up a team. In these cases, AI can be a cost-effective solution. For instance, companies that build their own software can utilize AI-driven solutions to scrutinize their code and offer suggestions for improvement, reducing costs and enhancing security.

Embracing an AI Future

As financial institutions navigate this complex landscape where AI is becoming pervasive, cybersecurity is more pivotal than ever to protecting customer data, building trust, and establishing a foundation for growth. Business leaders who take the time to integrate the technology responsibly will best position their companies for success. 

About the author

Noah Moravec is a partner the audit practice for KPMG in Kansas City.

P | 816.838.7487
E | nmoravec@kpmg.com