As implementation of emerging technologies accelerates, operational resilience, technology risk management, and adaptive oversight will be fundamental to maintaining stability in financial markets.
Regulators and institutions must act to raise awareness of emerging threats, enhance readiness, and strengthen technology governance, global financial regulators and experts said during a closed-door meeting.
The session, hosted by the Dubai Financial Services Authority (DFSA) at the Dubai Fintech Summit 2025 in May 2025, bought together 70 representatives from 18 financial regulatory authorities from across the globe, alongside senior experts from the Bank for International Settlements (BIS) Innovation Hub and the International Monetary Fund. These participants examined how cybersecurity, AI, and quantum technologies intersect, discussing practical measures to address the evolving risk landscape, and reflecting on current progress and persistent gaps.
An evolving cyber threat landscape
Participants warned of the evolving cyber threat landscape, highlighting that cyber threats are becoming more sophisticated and harder to control because they easily cross borders and affect many different industries at once.
They emphasized the shift from ransomware encryption towards double extortion, which combines data encryption with threats to leak stolen information, as well as the growing use of AI for social engineering. They also noted that threat actors are increasingly attacking newer technologies such as Internet-of-Things (IoT) devices with physical sensors and supply chains, and are using legitimate tools to evade detection mechanisms.
To manage these risks, these experts agreed on the need to balance innovation with robust cybersecurity. They advised on strengthening basic defenses, such as keeping software up to date, dividing networks to limit damage, training employees to spot threats, using strong access controls and multifactor authentication, sharing information about threats, and carefully managing risks from third parties like suppliers and partners, while also emphasizing the importance of cross-sector and public-private collaboration as cyber-attacks become orchestrated at industrial scale and are no longer isolated events.
Regulators, meanwhile, should provide guidance on quantum and AI-related risks, and raise awareness about these threats. They should also embed cybersecurity into supervisory assessments, and build their own skills and suptech tools to monitor and respond to cyber and emerging technology risks.
Quantum risk evolution
Quantum risks were another key topic of discussion. Quantum computers, which utilize quantum mechanics to process information, have the potential to revolutionize fields like cryptography, drug discovery, and complex optimization by solving problems exponentially faster than classical computers. However, these same capabilities also pose significant cybersecurity risks.
Such powerful quantum computers could theoretically break widely used encryption methods that currently secure online banking, payment systems, and other digital payments. And while these computers, called cryptographically relevant quantum computers (CRQCs), don’t exist yet, they could emerge by 2030-2040, emphasizing the urgency to prepare for a post-quantum world now.
Participants warned that the financial sector is likely to be among the prime targets for quantum threats because of the high value of financial assets transactions financial institutions process. Though the space benefit from strong governance structures and prudential frameworks, important gaps persist, including limited awareness of quantum threats, incomplete inventory of vulnerable systems, and slow global standardization and interoperability.
Against this backdrop, experts highlighted that regulatory authorities have a vital role to play in raising awareness on quantum threat, and supporting gradual transition planning. They should also consider introducing regulatory sandboxes for experimentation, cross-border collaboration, and scenario planning that simulate quantum-risk impacts to better prepare for the challenges that quantum technologies may bring.
AI risk oversight
Finally, the group examined the risks associated with the growing adoption of AI in financial services. First, they noted that financial institutions process large volumes of highly sensitive personal and financial data that are increasingly used to train complex machine learning (ML) models. This enhances the risks of data breaches and intellectual property theft.
They also emphasized that AI expands the attack surface for cyber threats, and introduces new points of failure not present in traditional information and communication technology infrastructure, such as data pipelines and ML models. Meanwhile, threat actors are increasingly incorporating AI into their offensive toolkits to enhance, automate, and scale cyberattacks, as well as to adapt to counter-defensive measures.
Experts also highlighted the growing resilience on a limited number of dominant AI providers, contributing to supply chain concentration risk and heightening the risk of systemic disruptions in the event of supply chain incidents. They also drew attention to the expanding influence of bigtech companies across the AI ecosystem.
Participants encouraged regulators to map supply chains and assess concentration risks across critical technology providers. They also stressed the importance of balancing innovation with adequate oversight, advising for principle-based approaches, and an adaptive, learning-focused posture to respond more effectively to the evolving nature of AI applications.
The potential of quantum computing and AI
Quantum computing and AI are transforming technologies poised to transform the financial services and banking industry by accelerating secure transaction processing, revolutionizing risk analysis, optimizing complex portfolios, and enhancing fraud detection.
McKinsey estimates that quantum computing use cases in the finance industry could create US$622 billion in value by 2035. Meanwhile, generative AI (genAI), a subset of AI that creates new content, could add as much as US$340 billion a year in additional value, representing 2.8% to 4.7% of total industry revenues, largely through increased productivity.
However, genAI also introduces risks, such as deepfake and fraud. Deloitte’s Center for Financial Services predicts that genAI could enable fraud losses to reach US$40 billion in the US by 2027, from US$12.3 billion in 2023.
Despite these challenges, adoption is accelerating rapidly. According to the latest McKinsey Global Survey on AI, 78% of respondents said that their organizations used AI in at least one business function as of late 2024, up from 55% a year earlier. Boston Consulting Group (BCG)’s AI Radar found that one in three financial institutions plans to spend over US$25 million on AI in 2025, and some will spend in the range of 0.5% to 1% of revenues towards AI technologies.
Featured image by freepik on Freepik
