
For DBS CEO Tan Hsu Xiang, the biggest risk that keeps him up at night is not just market volatility or geopolitical shocks, but cyber-attacks.
“Cybersecurity. I think the new war is cyber. So what keeps me up at night is cyber: who attacks whom and how it happens and how people are affected,” the DBS chief executive told CNBC on the sidelines of the annual CONVERGE LIVE event in Singapore.
Her warning highlights a broader shift in how financial institutions think about risk, as cyber threats become increasingly intertwined with geopolitics and rapid advances in artificial intelligence.
Tan said banks are now operating in an environment of ever-changing cyber risks, requiring a mindset of constant vigilance. “Assume nothing, trust nothing and trust no one,” she said, explaining how DBS approaches cybersecurity internally.
That has translated into ongoing “red teaming,” which stress-tests systems by simulating attacks, and a culture of what she described as deliberate paranoia. The goal is to anticipate vulnerabilities before attackers exploit them, especially as AI lowers the barrier to more sophisticated cyber threats, she said.
“We’re always paranoid about cybersecurity…What separates the winners from the losers is good deployment, smart deployment, secure deployment,” Tan said.
The rise of generative and “agentic” AI adds new complexity. While these technologies promise higher productivity and operational efficiency, Tan warned that, especially when deployed on critical systems, they also expand the attack surface, or all the points at which an unauthorized user can attack a system.
“When you get into production…make sure you have all the relevant guardrails in place,” she said, referring to AI systems that interact directly with customer-facing infrastructure and the bank’s core infrastructure.
That vigilance becomes even more important as financial institutions embrace artificial intelligence. While AI promises increased efficiency and new capabilities, it also brings new vulnerabilities, especially as systems become more interconnected and autonomous, Tan said.
She noted that the rise of generative and agentic AI is creating “great opportunities, but also great challenges and a lot of fear along with it,” especially when it comes to protecting sensitive data and core banking infrastructure.
For DBS, this means building a rigorous framework for how data is processed and monitored. Tan emphasized the importance of “data lifecycle management,” which means clear controls over access, auditability, and transparency, and managing data appropriately from creation to deletion.
At the same time, the operating environment for markets and banks has become more volatile, shaped by shocks from supply chain disruptions, trade tensions, and conflicts, from the pandemic to tariffs to the current Iran war.
Tan said such shocks are forcing businesses to rethink their overall resilience, from supply chains to payment systems. The same principle applies to cybersecurity: institutions must build in redundancies, alternative routes, and contingency plans.
“You want to prepare for the worst and hope for the best, but have a strategy in place,” she said.
