DBS CEO Tan Su Shan identified cyberattacks as the primary risk facing Southeast Asia's largest bank, surpassing concerns over market volatility or geopolitical shocks. Speaking at the annual CONVERGE LIVE event in Singapore, Tan emphasized that cybersecurity is now the 'new war,' highlighting the constant and evolving nature of cyber threats in the financial sector [1]. She described DBS's internal approach as one of 'deliberate paranoia,' involving continuous 'red teaming'—stress-testing systems by simulating attacks—and maintaining a mindset of perpetual vigilance.
Tan specifically pointed to the rise of generative and 'agentic' artificial intelligence as a double-edged sword for banks. While these technologies offer productivity gains and operational efficiencies, they also expand the attack surface, especially when integrated into critical systems. She stressed the importance of implementing robust guardrails when AI systems interact with customer-facing or core banking infrastructure [1].
The CEO underscored the necessity of strict frameworks for data lifecycle management, ensuring that data is governed, monitored, and controlled from creation to deletion. This includes clear protocols for access, auditability, and transparency. Tan noted that as financial institutions deepen their adoption of AI, the potential for new vulnerabilities increases, particularly as systems become more interconnected and autonomous [1].
Tan concluded that what will separate winners from losers in the banking sector is the 'good adoption, smart adoption, safe adoption' of AI and cybersecurity practices. She characterized the current environment as one of 'fantastic opportunities, but also fantastic challenges and a lot of scariness,' especially regarding the protection of sensitive data and core infrastructure [1].
CONCLUSION
DBS CEO Tan Su Shan's remarks highlight the growing importance of cybersecurity and responsible AI adoption in the banking sector. Her warnings suggest that financial institutions must prioritize vigilance and robust frameworks to manage evolving cyber risks, which are now seen as more pressing than traditional market or geopolitical threats.