As cyber risks continue to escalate globally, the banking sector faces a rapidly evolving threat landscape intensified by the rise of artificial intelligence (AI). Baretzky and Partners LLC presents an in-depth analysis of how cyber risk is escalating, the transformative impact AI is having on risk management teams, and the emerging AI-driven threats specifically targeting the banking industry in 2025.

Escalation of Cyber Risk: The Current Landscape

Cyber risk has surged dramatically in recent years, with 72% of organizations worldwide reporting an increase in cyber threats over the past year. This escalation is driven by several compounding factors:

-Geopolitical tensions increasing uncertainty and motivating state-sponsored cyberattacks.

-Complex and opaque supply chains, which expand the attack surface and introduce vulnerabilities through third-party vendors.

-Rapid adoption of emerging technologies, including IoT and automated machinery, which improve operations but create new security gaps.

Ransomware remains the foremost organizational cyber risk, cited by 45% of surveyed leaders as their top concern. The commoditization of ransomware through Ransomware-as-a-Service (RaaS) models has lowered the barrier to entry for cybercriminals, leading to more frequent and sophisticated attacks. Supply chain disruptions and cyber-enabled fraud, including phishing and business email compromise, are also rising sharply.

In banking, these risks are acute due to the sector’s reliance on critical infrastructure and interconnected financial systems. The 2024 ransomware attacks on key suppliers, such as CDK Global and Change Healthcare, demonstrated how a single compromised vendor can ripple across industries, paralyzing services and causing massive financial losses.

AI’s Transformative Impact on Risk Teams

Artificial intelligence is reshaping how risk teams operate, offering both opportunities and challenges.

Enhanced Capabilities for Risk Teams

AI-powered tools enable risk teams to:

– Automate threat detection and prioritize risks with greater accuracy.

– Accelerate incident response through autonomous remediation.

– Analyze vast datasets rapidly for reconnaissance and vulnerability identification.

Generative AI technologies, for example, can surface higher-priority risks and drive automated responses, freeing human analysts to focus on complex decision-making. This shift enhances the efficiency and effectiveness of cybersecurity operations within banks and financial institutions.

New Challenges and Expanded Attack Surfaces

However, AI also introduces new vulnerabilities that risk teams must manage. The integration of AI systems expands the attack surface, requiring novel defensive strategies tailored to AI-specific risks. These include:

-Data poisoning attacks, where attackers manipulate AI training datasets to degrade model performance or cause erroneous outputs, potentially undermining critical banking functions like credit scoring or fraud detection.

-Model exploitation, where attackers discover and exploit zero-day vulnerabilities in AI systems faster than traditional IT systems.

-Compromising AI operational frameworks, which can lead to widespread disruption if AI-driven decision-making is corrupted.

Risk teams must therefore develop expertise not only in traditional cybersecurity but also in AI governance, monitoring, and resilience.

Evolving AI Threats in Banking

The banking sector is a prime target for AI-enhanced cyber threats due to the high value of financial data and assets.

AI-Powered Social Engineering and Fraud

AI enables cybercriminals to conduct highly convincing social engineering attacks, including:

– AI-generated phishing, vishing, and spear phishing campaigns that mimic human behavior and adapt dynamically.

– Deepfake technology to impersonate executives or customers, facilitating fraud and unauthorized transactions.

– Creation of synthetic identities that bypass traditional verification systems, complicating identity theft detection.

Research shows AI-automated phishing can reduce operational costs by over 95% while maintaining or exceeding success rates, making these attacks more accessible and frequent.

Accelerated Discovery of Vulnerabilities

AI tools help attackers rapidly scan networks and systems for weaknesses, including zero-day vulnerabilities that have no existing patches. Multiple AI models working in tandem can autonomously identify and exploit these flaws before defenders can respond effectively.

Targeting AI Systems Themselves

In banking, AI systems are increasingly embedded in fraud detection, credit risk assessment, and transaction monitoring. Attackers targeting the AI models themselves through data poisoning or manipulation can cause systemic failures or incorrect risk evaluations, leading to financial losses and regulatory non-compliance.

Strategic Recommendations for Banking and Risk Teams

To navigate this complex landscape, Baretzky and Partners LLC recommends the following strategic actions for banking institutions:

-Adopt AI-aware cybersecurity frameworks that integrate AI risk assessment, monitoring, and incident response into existing security operations.

-Invest in AI governance and training for risk teams to build expertise in identifying and mitigating AI-specific threats.

-Implement Cybersecurity Mesh Architecture (CSMA) to create a flexible, modular security ecosystem that can adapt to distributed environments, including cloud and edge computing.

-Strengthen supply chain security through rigorous vendor risk management and continuous monitoring to address third-party vulnerabilities.

-Enhance identity verification with advanced AI-powered digital identity platforms and multi-factor authentication to combat synthetic identity fraud.

-Prepare for ransomware escalation by maintaining offline backups, network segmentation, and proactive threat hunting.

Summary

The cyber risk environment in 2025 is marked by heightened threats driven by geopolitical tensions, technological complexity, and the dual-edged nature of AI. For the banking sector, this means confronting more sophisticated AI-powered attacks that challenge traditional risk management approaches.

By embracing AI not only as a risk but also as a powerful defensive tool, and by evolving risk teams’ capabilities accordingly, banks can better protect their assets, customers, and reputation in this dynamic threat landscape.

Baretzky and Partners LLC remains committed to guiding financial institutions through these challenges with expert insights and tailored risk management solutions.

This comprehensive overview underscores the urgent need for proactive adaptation to the evolving cyber risk landscape shaped by AI innovations and threats in banking.

www.baretzky.net