Banks and financial institutions across Southeast Asia are increasingly shifting their security priorities in response to evolving cyber‑threats. Whereas traditional defences focused on network perimeters and classic malware, recent research indicates that identity‑based attacks are rising rapidly. According to the IBM X‑Force 2025 Threat Intelligence Index, almost one‑third of intrusions in 2024 began with stolen or misused credentials. This trend has put identity management at the top of the investment agenda for financial institutions in the region, pushing endpoint security and real‑time threat detection into a deeper, supportive role.
Within the ASEAN context, this shift comes at a pivotal moment. Digital payment adoption, open banking initiatives, and cross‑border fintech expansion are all placing fresh pressure on financial systems. At the same time, adversaries are exploiting these very dynamics. The Financial Services Information Sharing and Analysis Centre (FS‑ISAC) recently reported that threat actors are leveraging generative AI to scale fraud efforts and exploiting supply‑chain vulnerabilities for operational impact. For firms operating across multiple jurisdictions—each with distinct regulatory regimes and consumer trust issues—the challenge is no longer just preventing cyber‑events, but proving resilience and managing reputational risk.
In practice, this means that risk frameworks must evolve, too. Financial firms are urged to move from broad defence strategies to risk‑driven models that prioritise identity governance, endpoint hardening and behavioural monitoring. Mapping the critical assets and high‑impact processes of a bank or payments provider enables resources to be allocated to where they matter most. Meanwhile, operational resilience mandates under regulators such as the Monetary Authority of Singapore and the Australian Prudential Regulation Authority reflect the expectation that business‑critical operations remain unaffected—even in the face of cyber‑incidents.
But even while threats become more sophisticated, many institutions continue to struggle with fundamentals such as patch management, multi‑factor authentication and credential hygiene. Human behaviour, hybrid working models and sprawling third‑party ecosystems exacerbate these weaknesses. Embedding cyber awareness into culture—supported by continuous micro‑learning, simulated phishing campaigns and leadership engagement—is increasingly vital.
At the same time, AI is offering both opportunities and risks. Financial institutions are keen to use AI for detecting anomalies, automating incident response and intelligence sharing. Yet they also recognise that AI systems themselves require governance, transparency and resilience. Striking that balance will determine not only which organisations stay safe, but which ones maintain the trust of their customers.
In Southeast Asia’s fast‑moving financial landscape, identity management is emerging as a strategic battleground. Firms that can integrate identity, endpoint and detection investments into a unified defence‑in‑depth strategy will gain both operational resilience and enduring competitive advantage. We speak to Christophe Barel, Managing Director, APAC at FS-ISAC, about the changing industry and how businesses are adapting.
Where do you see the fastest-growing areas of investment for financial institutions: threat detection, endpoint security, or identity management?
Driven by the increasingly sophisticated tactics of cyber adversaries in the financial services sector, threat detection, endpoint security, and identity management continue to be critical priorities for financial institutions.
Identity management is quickly rising to the top of the priority list. An IBM X-Force Threat Intelligence Index report indicates that identity-based attacks accounted for nearly a third of intrusions globally this year. With the proliferation of increasingly sophisticated scams and fraud, institutions need to be able to verify that individuals or entities requesting a service or making a transaction are actually who they claim to be.
Threat detection and endpoint security also remain essential for financial institutions. According to FS-ISAC reports, adversaries are actively leveraging emerging technologies like AI to ramp up the volume and sophistication of fraud, scale their reconnaissance, and exploit supply chain vulnerabilities more efficiently. Financial institutions need to adopt a defence-in-depth approach that emphasises strong identity management while also investing in advanced real-time threat detection to identify anomalies and flag potential breaches promptly. Coupled with strong endpoint security to protect against device and network compromise, this layered approach enables institutions to detect and respond to cyber attacks faster and minimise damage or loss.
How can firms practically assess and categorise these threats to avoid being caught off guard?
Firms should adopt a strategic risk-driven approach to managing cyber threats, with operational resilience at the core. This begins with developing a robust risk assessment framework to identify, categorise, and prioritise threats based on their potential impact and likelihood. By mapping out the firm’s critical assets and processes, resources can be channelled towards high-priority areas that would have the most impact.
To avoid being caught off guard, it’s important to establish a protocol for incident response and recovery to support business continuity. When properly conducted, the protocol will help ensure that the firm’s operations can continue should a breach happen. Continuous monitoring and real-time threat detection help firms identify anomalies early and respond quickly to incidents. Beyond internal measures, visibility into external threat landscapes is equally vital. Threat actors often test attacks in one region before expanding elsewhere, making global collective intelligence critical. Trusted information exchanges allow firms to benchmark exposure, spot emerging patterns, and shift from reactive to proactive risk mitigation.
Many breaches still result from weak cyber hygiene. Why do organisations continue to struggle with fundamentals such as patch management and password policies, despite years of awareness campaigns?
With more employees working remotely or in hybrid arrangements and accessing systems via cloud platforms, the attack surface has grown, making it even more challenging for organisations to maintain strong cyber hygiene practices. Lapses in cyber hygiene practices remain a major contributor to breaches, as human behaviour remains the biggest vulnerability. Even with clear cyber hygiene policies and awareness, employees may choose to bypass requirements if processes seem onerous, leaving systems vulnerable.
Out of convenience, employees may reuse weak passwords, share credentials, or delay updating them. Employees might feel that software updates disrupt workflows and are tedious, leading to delays or skipped patches. Awareness is important but often insufficient because it only addresses knowledge, not habits. To strengthen cyber fundamentals, organisations need to prioritise practical training that addresses real-world behaviours in the workplace, implement tools that automate security tasks such as patching, and ensure leadership reinforces cybersecurity as a shared responsibility. This approach should extend beyond internal teams to include third-party vendors, ensuring that all parties adhere to strong cyber hygiene practices, leaving no gaps in security. Aligning employee behaviour with practical tools and processes and implementing holistic third-party oversight enables firms to consistently ensure good cyber hygiene across the organisation.
Regulatory bodies are also stepping in to enforce cyber hygiene. In Singapore, the Monetary Authority of Singapore issued the Notice FSM-N22 on Cyber Hygiene in 2024, which mandates financial institutions to implement measures such as security patching, strong multi-factor authentication, and access controls.
The “human firewall” concept suggests employees can be both the weakest link and the first line of defence. What steps can financial institutions take to embed cyber awareness into company culture beyond annual training?
Embedding cyber awareness into company culture requires making security part of everyday workplace behaviour. Continuous engagement through short learning modules, phishing simulations, and real-time prompts can help keep employees alert without overwhelming them. Leadership also plays a critical role. When executives openly discuss cyber risks, reward secure behaviour, and model best practices, it reinforces that vigilance is everyone’s responsibility, not just IT’s.
Equally important is equipping employees with the right tools, such as antivirus software, malware protection, and password managers, which help simplify security practices and ingrain good cyber hygiene habits. Easy and accessible incident reporting channels are also crucial. When employees can report suspicious activity without fear of blame, organisations detect threats earlier and respond more effectively. To further bolster operational resilience, scenario-based training and exercises help staff build muscle memory for how to respond to cyber threats, fostering a culture of vigilance and preparedness.
How can financial institutions strike the right balance between adopting AI for efficiency and managing the risks it introduces?
Striking the right balance comes down to strong governance, operational resilience, and well-trained staff. Firms need clear accountability for how AI systems use, monitor, and secure data. This includes setting ethical AI use policies, conducting regular audits, building transparency into decision-making, and keeping sensitive information out of public large language models (LLMs). To be prepared for potential AI-driven cyber incidents, firms should take a proactive approach to integrating cyber threats into existing risk management frameworks by conducting stress tests and updating incident response plans. Ongoing employee training should also be prioritised to help employees recognise AI-enabled threats, uphold security protocols, and respond swiftly to incidents. Through robust governance, operational resilience measures, and keeping teams informed, financial institutions can adopt AI responsibly, leveraging its benefits while keeping risks in check.
Financial regulators are increasingly emphasising operational resilience. How can collaborative information sharing between banks, regulators, and cybersecurity providers become a meaningful deterrent to regional cybercrime?
Operational resilience has become a regulatory imperative, especially as cross-border cyber threats demand coordinated, sector-wide responses. Given the interconnectedness of the financial system and the borderless nature of cyber threats, collaborative information sharing is essential to deterring cybercrime.
By exchanging threat intelligence, financial firms, regulators, and cybersecurity providers gain insight into adversary tactics, reduce response times, and mitigate risks before they escalate. Coordinated sharing helps close gaps in the ecosystem’s defences, making it harder for attackers to exploit the lack of oversight in the financial system. This emphasis on sector-wide preparedness is also reflected in regulations such as the Australian Prudential Regulation Authority (APRA)’s Prudential Standard CPS 230, which emphasises that financial institutions must be able to manage operational risk and maintain critical operations even during disruptions, including where third parties are involved.
Sector-developed frameworks such as shared playbooks that define roles, escalation paths, and communication protocols across institutions have also proven valuable in strengthening coordination and improving collective readiness.
Cross-border exercises can further strengthen resilience by giving institutions the chance to collectively stress test their resilience. Joint exercises help create a united defence among potential targets, while teaching individual firms how to respond consistently, quickly, and effectively. Defenders who engage in training are also more prepared to safeguard the trust of regulators, markets, and consumers alike.
Consumer trust is fragile after major breaches like the Singtel Optus incident in Australia and regional ransomware attacks. What role should transparency and communication play in rebuilding public confidence after a breach?
Consumer trust is the bedrock of financial services. When breaches or outages to digital operations occur, trust can be quickly eroded and affect how customers engage with institutions. In these moments, transparency and communication become just as important as technical recovery. Clear, timely, and empathetic communication is needed to reassure customers that the situation is under control. This includes explaining the situation at hand, the steps customers need to take, and outlining what measures are in place to prevent recurrence.
Preparation is also key. Institutions that develop communication playbooks can respond more swiftly, consistently, and confidently under pressure. Evidence shows just how much is at stake. A global study by Accenture found that 62 percent of customers lose confidence in their bank after a breach, and 43 percent stop engaging altogether. But when handled well, transparency not only mitigates reputational harm but can demonstrate accountability and even strengthen trust over time. By treating communication as an integral part of incident response, financial institutions can turn moments of disruption into opportunities to show resilience and reinforce their commitment to customers.

