For DBS CEO Tan Su Shan, the biggest risk keeping him up at night isn’t just market volatility or country shocks, but cyber attacks.
“Cyber security. I think the new war is cyber. So what keeps me up at night is cyber. Who’s going to attack who, and how it’s going to happen, how people are going to be affected,” a DBS executive told CNBC on the sidelines of its annual CONVERGE LIVE event in Singapore.
His warning underscores a broader shift in the way financial institutions think about risk, as cyber threats increasingly intersect with geopolitics and rapid advances in artificial intelligence.
Tan said banks now operate in an environment where cyber risks are ever-present and evolving, requiring a constant vigilance mindset. “Assume nothing, trust nothing, trust no one,” he said, explaining how DBS deals with cybersecurity internally.
That has translated into ongoing “red-collaring,” or stress-testing systems by simulating attacks, and a culture of what he described as deliberate obfuscation. The goal is to anticipate vulnerabilities before attackers can exploit them, especially as AI lowers the barrier to sophisticated cyber threats, he said.
“We’re always wondering about cybersecurity … what’s going to separate the winners from the losers is good adoption, smart adoption, secure adoption,” Tan said.
The rise of artificial and “agent” AI has added a new layer of complexity. While these technologies promise productivity and efficiency gains, Tan cautioned that they also widen the attack surface – or all points where an authorized user can attack a system – especially when using sensitive programs.
“When it comes to productivity… make sure you have all the right monitoring lines,” he said, referring to AI systems that interact directly with banks’ customer-facing or core infrastructure.
That vigilance has become more important as financial institutions deepen their use of artificial intelligence. While AI promises efficiency gains and new capabilities, Tan said it also introduces new risks, especially as systems become more connected and autonomous.
The rise of artificial and agent AI, he notes, has created “great opportunities, but also great challenges and great fears that come with it,” especially when it comes to protecting sensitive data and core banking infrastructure.
For DBS, that has meant building strong frameworks around how data is handled and monitored. Tan emphasized the importance of “data lifecycle management,” ensuring that data is properly managed from creation to deletion, with clear controls on access, readability and transparency.
At the same time, the operating environment of markets and banks has grown more volatile, shaped by supply chain disruptions, trade tensions and shocks caused by conflicts, from the pandemic to tariffs and now the war in Iran.
Tan said the shock has forced companies to seriously rethink across the board, from supply chains to payment systems. The same principle applies to cyber security: institutions should build redundancy, alternatives and contingency plans.
“Prepare for the worst, hope for the best but have that playbook ready,” she said.
