AI has already had a significant impact on the tech industry, rapidly evolving software development, data analysis, and automation. However, its potential extends into all industries – from the precision of agriculture to the intricacies of life sciences research, and the enhanced customer experiences across multiple sectors.
While we have seen the widespread adoption of AI-powered productivity tools, 2025 promises a bigger transformation. Organisations across industries will shift focus from mere innovation to quantifiable value. In sectors where AI has already shown early success, businesses will aim to scale these applications to directly impact their revenue and profitability. In others, it will accelerate research, leading to groundbreaking discoveries and innovations in the years to come. Regardless of the specific industry, one thing is certain: AI will be a driving force, reshaping business models and competitive landscapes.
Ecosystm analysts Alan Hesketh, Clay Miller, Peter Carr, Sash Mukherjee, and Steve Shipley present the top trends shaping key industries in 2025.
Click here to download ‘AI’s Impact on Industry in 2025’ as a PDF
1. GenAI Virtual Agents Will Reshape Public Sector Efficiency
Operating within highly structured, compliance-driven environments, public sector organisations are well-positioned to benefit from GenAI Agents.
These agents excel when powered LLMs tailored to sector-specific needs, informed by documented legislation, regulations, and policies. The result will be significant improvements in how governments manage rising service demands and enhance citizen interactions. From automating routine enquiries to supporting complex administrative processes, GenAI Virtual Agents will enable public sector to streamline operations without compromising compliance. Crucially, these innovations will also address jurisdictional labour and regulatory requirements, ensuring ethical and legal adherence. As GenAI technology matures, it will reshape public service delivery by combining scalability, precision, and responsiveness.
2. Healthcare Will Lead in Innovation; Lag in Adoption
In 2025, healthcare will undergo transformative innovations driven by advancements in AI, remote medicine, and biotechnology. Innovations will include personalised healthcare driven by real-time data for tailored wellness plans and preventive care, predictive AI tackling global challenges like aging populations and pandemics, virtual healthcare tools like VR therapy and chatbots enhancing accessibility, and breakthroughs in nanomedicine, digital therapeutics, and next-generation genomic sequencing.
Startups and innovators will often lead the way, driven by a desire to make an impact.
However, governments will lack the will to embrace these technologies. After significant spending on crisis management, healthcare ministries will likely hesitate to commit to fresh large-scale investments.
3. Agentic AI Will Move from Bank Credit Recommendation to Approval
Through 2024, we have seen a significant upturn in Agentic AI making credit approval recommendations, providing human credit managers with the ability to approve more loans more quickly. Yet, it was still the mantra that ‘AI recommends—humans approve.’ That will change in 2025.
AI will ‘approve’ much more and much larger credit requests.
The impact will be multi-faceted: banks will greatly enhance client access to credit, offering 24/7 availability and reducing the credit approval and origination cycle to mere seconds. This will drive increased consumer lending for high-value purchases, such as major appliances, electronics, and household goods.
4. AI-Powered Demand Forecasting Will Transform Retail
There will be a significant shift away from math-based tools to predictive AI using an organisation’s own data. This technology will empower businesses to analyse massive datasets, including sales history, market trends, and social media, to generate highly accurate demand predictions. Adding external influencing factors such as weather and events will be simplified.
The forecasts will enable companies to optimise inventory levels, minimise stockouts and overstock situations, reduce waste, and increase profitability. Early adopters are already leveraging AI to anticipate fashion trends and adjust production accordingly.
No more worrying about capturing “Demand Influencing Factors” – it will all be derived from the organisation’s data.
5. AI-Powered Custom-Tailored Insurance Will Be the New Norm
Insurers will harness real-time customer data, including behavioural patterns, lifestyle choices, and life stage indicators, to create dynamic policies that adapt to individual needs. Machine learning will process vast datasets to refine risk predictions and deliver highly personalised coverage. This will produce insurance products with unparalleled relevance and flexibility, closely aligning with each policyholder’s changing circumstances. Consumers will enjoy transparent pricing and tailored options that reflect their unique risk profiles, often resulting in cost savings. At the same time, insurers will benefit from enhanced risk assessment, reduced fraud, and increased customer satisfaction and loyalty.
This evolution will redefine the customer-insurer relationship, making insurance a more dynamic and responsive service that adjusts to life’s changes in real-time.
Over the past year, Ecosystm has conducted extensive research, including surveys and in-depth conversations with industry leaders, to uncover the most pressing topics and trends. And unsurprisingly, AI emerged as the dominant theme.
Here are some insights from our research.
Click here to download ‘AI in BFSI: Success Stories & Insights’ as a PDF
From personalised recommendations to streamlined operations, AI is transforming the products, services and processes in the BFSI industries. While leaders realise that AI holds significant potential, turning that potential into reality is often tough. Many BFSI organisations struggle to move beyond AI pilots because of some key barriers.
Despite the challenges, BFSI organisations are witnessing early AI success in these 3 areas:
- 1. Customer Service & Engagement
- 2. Risk Management & Fraud Detection
- 3. Process Automation & Efficiency
Customer Service & Engagement Use Cases
- Virtual Assistants and Chatbots. Delivering real-time product information and customer support
- Customer Experience Analysis. Analysing data to uncover trends and improve user experiences
- Personalised Recommendations. Providing tailored financial products based on user behaviour and preferences
“While we remain cautious about customer-facing applications, many of our AI use cases provide valuable customer insights to our employees. Human-in-the-loop is still a critical consideration.” – INSURANCE CX LEADER
Risk Management & Fraud Detection Use Cases
- Enhanced Credit Scoring. Improved assessment of creditworthiness and risks
- Advanced Fraud Detection. Easier detection and prevention of fraudulent activities
- Comprehensive Risk Strategy. Assessment of risk factors to develop effective strategies
“We deployed enterprise-grade AI models that are making a significant impact in specialised areas like credit decisioning and risk modelling.” – BANKING DATA LEADER
Process Automation and Efficiency
- Backend Process Streamlining. Automating workflows and processes to boost efficiency
- Loan & Claims Processing. Speeding up application and approval processes
- Invoice Processing. Automating invoice management to minimise errors
“Our focus is on creating a mindset where employees see AI as a tool that can augment their capabilities rather than replace them.” – BANKING COO
Southeast Asia’s banking sector is poised for significant digital transformation. With projected Net Interest Income reaching USD 148 billion by 2024, the market is ripe for continued growth. While traditional banks still hold a dominant position, digital players are making significant inroads. To thrive in this evolving landscape, financial institutions must adapt to rising customer expectations, stringent regulations, and the imperative for resilience. This will require a seamless collaboration between technology and business teams.
To uncover how banks in Southeast Asia are navigating this complex landscape and what it takes to succeed, Ecosystm engaged in in-depth conversations with senior banking executives and technology leaders as part of our research initiatives. Here are the highlights of the discussions with leaders across the region.
#1 Achieving Hyper-Personalisation Through AI
As banks strive to deliver highly personalised financial services, AI-driven models are becoming increasingly essential. These models analyse customer behaviour to anticipate needs, predict future behaviour, and offer relevant services at the right time. AI-powered tools like chatbots and virtual assistants further enhance real-time customer support.
Hyper-personalisation, while promising, comes with its challenges – particularly around data privacy and security. To deliver deeply tailored services, banks must collect extensive customer information, which raises the question: how can they ensure this sensitive data remains protected?
AI projects require a delicate balance between innovation and regulatory compliance. Regulations often serve as the right set of guardrails within which banks can innovate. However, banks – especially those with cross-border operations – must establish internal guidelines that consider the regulatory landscape of multiple jurisdictions.
#2 Beyond AI: Other Emerging Technologies
AI isn’t the only emerging technology reshaping Southeast Asian banking. Banks are increasingly adopting technologies like Robotic Process Automation (RPA) and blockchain to boost efficiency and engagement. RPA is automating repetitive tasks, such as data entry and compliance checks, freeing up staff for higher-value work. CIMB in Malaysia reports seeing a 35-50% productivity increase thanks to RPA. Blockchain is being explored for secure, transparent transactions, especially cross-border payments. The Asian Development Bank successfully trialled blockchain for faster, safer bond settlements. While AR and VR are still emerging in banking, they offer potential for enhanced customer engagement. Banks are experimenting with immersive experiences like virtual branch visits and interactive financial education tools.
The convergence of these emerging technologies will drive innovation and meet the rising demand for seamless, secure, and personalised banking services in the digital age. This is particularly true for banks that have the foresight to future-proof their tech foundation as part of their ongoing modernisation efforts. Emerging technologies offer exciting opportunities to enhance customer engagement, but they shouldn’t be used merely as marketing gimmicks. The focus must be on delivering tangible benefits that improve customer outcomes.
#3 Greater Banking-Fintech Collaboration
The digital payments landscape in Southeast Asia is experiencing rapid growth, with a projected 10% increase between 2024-2028. Digital wallets and contactless payments are becoming the norm, and platforms like GrabPay, GoPay, and ShopeePay are dominating the market. These platforms not only offer convenience but also enhance financial inclusion by reaching underbanked populations in remote areas.
The rise of digital payments has significantly impacted traditional banks. To remain relevant in this increasingly cashless society, banks are collaborating with fintech companies to integrate digital payment solutions into their services. For instance, Indonesia’s Bank Mandiri collaborated with digital credit services provider Kredivo to provide customers with access to affordable and convenient credit options.
Partnerships between traditional banks and fintechs are essential for staying competitive in the digital age, especially in areas like digital payments, data analytics, and customer experience.
While these collaborations offer opportunities, they also pose challenges. Banks must invest in advanced fraud detection, AI monitoring, and robust authentication to secure digital payments. Once banks adopt a mindset of collaboration with innovators, they can leverage numerous innovations in the cybersecurity space to address these challenges.
#4 Agile Infrastructure for an Agile Business
While the banking industry is considered a pioneer in implementing digital technologies, its approach to cloud has been more cautious. While interest remained high, balancing security and regulatory concerns with cloud agility impacted the pace. Hybrid multi-cloud environments has accelerated banking cloud adoption.
Leveraging public and private clouds optimises IT costs, offering flexibility and scalability for changing business needs. Hybrid cloud allows resource adjustments for peak demand or cost reductions off-peak. Access to cloud-native services accelerates innovation, enabling rapid application development and improved competitiveness. As the industry adopts GenAI, it requires infrastructure capable of handling vast data, massive computing power, advanced security, and rapid scalability – all strengths of hybrid cloud.
Replicating critical applications and data across multiple locations ensures disaster recovery and business continuity. A multi-cloud strategy also helps avoid vendor lock-in, diversifies cloud providers, and reduces exposure to outages.
Hybrid cloud adoption offers benefits but also presents challenges for banks. Managing the environment is complex, needing coordination across platforms and skilled personnel. Ensuring data security and compliance across on-prem and public cloud infrastructure is demanding, requiring robust measures. Network latency and performance issues can arise, making careful design and optimisation crucial. Integrating on-prem systems with public cloud services is time-consuming and needs investment in tools and expertise.
#5 Cyber Measures to Promote Customer & Stakeholder Trust
The banking sector is undergoing rapid AI-driven digital transformation, focusing on areas like digital customer experiences, fraud detection, and risk assessment. However, this shift also increases cybersecurity risks, with the majority of banking technology leaders anticipate inevitable data breaches and outages.
Key challenges include expanding technology use, such as cloud adoption and AI integration, and employee-related vulnerabilities like phishing. Banks in Southeast Asia are investing heavily in modernising infrastructure, software, and cybersecurity.
Banks must update cybersecurity strategies to detect threats early, minimise damage, and prevent lateral movement within networks.
Employee training, clear security policies, and a culture of security consciousness are critical in preventing breaches.
Regulatory compliance remains a significant concern, but banks are encouraged to move beyond compliance checklists and adopt risk-based, intelligence-led strategies. AI will play a key role in automating compliance and enhancing Security Operations Centres (SOCs), allowing for faster threat detection and response. Ultimately, the BFSI sector must prioritise cybersecurity continuously based on risk, rather than solely on regulatory demands.
Breaking Down Barriers: The Role of Collaboration in Banking Transformation
Successful banking transformation hinges on a seamless collaboration between technology and business teams. By aligning strategies, fostering open communication, and encouraging cross-functional cooperation, banks can effectively leverage emerging technologies to drive innovation, enhance customer experience, and improve efficiency.
A prime example of the power of collaboration is the success of AI initiatives in addressing specific business challenges.
This user-centric approach ensures that technology addresses real business needs.
By fostering a culture of collaboration, banks can promote continuous learning, idea sharing, and innovation, ultimately driving successful transformation and long-term growth in the competitive digital landscape.
Despite financial institutions’ unwavering efforts to safeguard their customers, scammers continually evolve to exploit advancements in technology. For example, the number of scams and cybercrimes reported to the police in Singapore increased by a staggering 49.6% to 50,376 at an estimated cost of USD 482M in 2023. GenAI represents the latest challenge to the industry, providing fraudsters with new avenues for deception.
Ecosystm research shows that BFSI organisations in Asia Pacific are spending more on technologies to authenticate customer identity and prevent fraud, than they are in their Know Your Customer (KYC) processes.
The Evolution of the Threat Landscape in BFSI
Synthetic Identity Fraud. This involves the creation of fictitious identities by combining real and fake information, distinct from traditional identity theft where personal data is stolen. These synthetic identities are then exploited to open fraudulent accounts, obtain credit, or engage in financial crimes, often evading detection due to their lack of association with real individuals. The Deloitte Centre for Financial Services predicts that synthetic identity fraud will result in USD 23B in losses by 2030. Synthetic fraud is posing significant challenges for financial institutions and law enforcement agencies, especially with the emergence of advanced technologies like GenAI being used to produce realistic documents blending genuine and false information, undermining Know Your Customer (KYC) protocols.
AI-Enhanced Phishing. Ecosystm research reveals that in Asia Pacific, 71% of customer interactions in BFSI occur across multiple digital channels, including mobile apps, emails, messaging, web chats, and conversational AI. In fact, 57% of organisations plan to further improve customer self-service capabilities to meet the demand for flexible and convenient service delivery. The proliferation of digital channels brings with it an increased risk of phishing attacks.
While these organisations continue to educate their customers on how to secure their accounts in a digital world, GenAI poses an escalating threat here as well. Phishing schemes will employ widely available LLMs to generate convincing text and even images. For many potential victims, misspellings and strangely worded appeals are the only hint that an email from their bank is not what it seems. The maturing of deepfake technology will also make it possible for malicious agents to create personalised voice and video attacks.
Identity Fraud Detection and Prevention
Although fraudsters are exploiting every new vulnerability, financial organisations also have new tools to protect their customers. Organisations should build a layered defence to prevent increasingly sophisticated attempts at fraud.
- Behavioural analytics. Using machine learning, financial organisations can differentiate between standard activities and suspicious behaviour at the account level. Data that can be analysed includes purchase patterns, unusual transaction values, VPN use, browser choice, log-in times, and impossible travel. Anomalies can be flagged, and additional security measures initiated to stem the attack.
- Passive authentication. Accounts can be protected even before password or biometric authentication by analysing additional data, such as phone number and IP address. This approach can be enhanced by comparing databases populated with the details of suspicious actors.
- SIM swap detection. SMS-based MFA is vulnerable to SIM swap attacks where a customer’s phone number is transferred to the fraudster’s own device. This can be prevented by using an authenticator app rather than SMS. Alternatively, SIM swap history can be detected before sending one-time passwords (OTPs).
- Breached password detection. Although customers are strongly discouraged to reuse passwords across sites, some inevitably will. By employing a service that maintains a database of credentials leaked during third-party breaches, it is possible to compare with active customer passwords and initiate a reset.
- Stronger biometrics. Phone-based fingerprint recognition has helped financial organisations safeguard against fraud and simplify the authentication experience. Advances in biometrics continue with recognition for faces, retina, iris, palm print, and voice making multimodal biometric protection possible. Liveness detection will grow in importance to combat against AI-generated content.
- Step-up validation. Authentication requirements can be differentiated according to risk level. Lower risk activities, such as balance check or internal transfer, may only require minimal authentication while higher risk ones, like international or cryptocurrency transactions may require a step up in validation. When anomalous behaviour is detected, even greater levels of security can be initiated.
Recommendations
- Reduce friction. While it may be tempting to implement heavy handed approaches to prevent fraud, it is also important to minimise friction in the authentication system. Frustrated users may abandon services or find risky ways to circumvent security. An effective layered defence should act in the background to prevent attackers getting close.
- AI Phishing Awareness. Even the savviest of customers could fall prey to advanced phishing attacks that are using GenAI. Social engineering at scale becomes increasingly more possible with each advance in AI. Monitor emerging global phishing activities and remind customers to be ever vigilant of more polished and personalised phishing attempts.
- Deploy an authenticator app. Consider shifting away from OTP SMS as an MFA method and implement either an authenticator app or one embedded in the financial app instead.
- Integrate authentication with fraud analytics. Select an authentication provider that can integrate its offering with analytics to identify fraud or unusual behaviour during account creation, log in, and transactions. The two systems should work in tandem.
- Take a zero-trust approach. Protecting both customers and employees is critical, particularly in the hybrid work era. Implement zero trust tools to prevent employees from falling victim to malicious attacks and minimising damage if they do.
Banks, insurers, and other financial services organisations in Asia Pacific have plenty of tech challenges and opportunities including cybersecurity and data privacy management; adapting to tech and customer demands, AI and ML integration; use of big data for personalisation; and regulatory compliance across business functions and transformation journeys.
Modernisation Projects are Back on the Table
An emerging tech challenge lies in modernising, replacing, or retiring legacy platforms and systems. Many banks still rely on outdated core systems, hindering agility, innovation, and personalised customer experiences. Migrating to modern, cloud-based systems presents challenges due to complexity, cost, and potential disruptions. Insurers are evaluating key platforms amid evolving customer needs and business models; ERP and HCM systems are up for renewal; data warehouses are transforming for the AI era; even CRM and other CX platforms are being modernised as older customer data stores and models become obsolete.
For the past five years, many financial services organisations in the region have sidelined large legacy modernisation projects, opting instead to make incremental transformations around their core systems. However, it is becoming critical for them to take action to secure their long-term survival and success.
Benefits of legacy modernisation include:
- Improved operational efficiency and agility
- Enhanced customer experience and satisfaction
- Increased innovation and competitive advantage
- Reduced security risks and compliance costs
- Preparation for future technologies
However, legacy modernisation and migration initiatives carry significant risks. For instance, TSB faced a USD 62M fine due to a failed mainframe migration, resulting in severe disruptions to branch operations and core banking functions like telephone, online, and mobile banking. The migration failure led to 225,492 complaints between 2018 and 2019, affecting all 550 branches and required TSB to pay more than USD 25M to customers through a redress program.
Modernisation Options
- Rip and Replace. Replacing the entire legacy system with a modern, cloud-based solution. While offering a clean slate and faster time to value, it’s expensive, disruptive, and carries migration risks.
- Refactoring. Rewriting key components of the legacy system with modern languages and architectures. It’s less disruptive than rip-and-replace but requires skilled developers and can still be time-consuming.
- Encapsulation. Wrapping the legacy system with a modern API layer, allowing integration with newer applications and tools. It’s quicker and cheaper than other options but doesn’t fully address underlying limitations.
- Microservices-based Modernisation. Breaking down the legacy system into smaller, independent services that can be individually modernised over time. It offers flexibility and agility but requires careful planning and execution.
Financial Systems on the Block for Legacy Modernisation
Data Analytics Platforms. Harnessing customer data for insights and targeted offerings is vital. Legacy data warehouses often struggle with real-time data processing and advanced analytics.
CRM Systems. Effective customer interactions require integrated CRM platforms. Outdated systems might hinder communication, personalisation, and cross-selling opportunities.
Payment Processing Systems. Legacy systems might lack support for real-time secure transactions, mobile payments, and cross-border transactions.
Core Banking Systems (CBS). The central nervous system of any bank, handling account management, transactions, and loan processing. Many Asia Pacific banks rely on aging, monolithic CBS with limited digital capabilities.
Digital Banking Platforms. While several Asia Pacific banks provide basic online banking, genuine digital transformation requires mobile-first apps with features such as instant payments, personalised financial management tools, and seamless third-party service integration.
Modernising Technical Approaches and Architectures
Numerous technical factors need to be addressed during modernisation, with decisions needing to be made upfront. Questions around data migration, testing and QA, change management, data security and development methodology (agile, waterfall or hybrid) need consideration.
Best practices in legacy migration have taught some lessons.
Adopt a data fabric platform. Many organisations find that centralising all data into a single warehouse or platform rarely justifies the time and effort invested. Businesses continually generate new data, adding sources, and updating systems. Managing data where it resides might seem complex initially. However, in the mid to longer term, this approach offers clearer benefits as it reduces the likelihood of data discrepancies, obsolescence, and governance challenges.
Focus modernisation on the customer metrics and journeys that matter. Legacy modernisation need not be an all-or-nothing initiative. While systems like mainframes may require complete replacement, even some mainframe-based software can be partially modernised to enable services for external applications and processes. Assess the potential of modernising components of existing systems rather than opting for a complete overhaul of legacy applications.
Embrace the cloud and SaaS. With the growing network of hyperscaler cloud locations and data centres, there’s likely to be a solution that enables organisations to operate in the cloud while meeting data residency requirements. Even if not available now, it could align with the timeline of a multi-year legacy modernisation project. Whenever feasible, prioritise SaaS over cloud-hosted applications to streamline management, reduce overhead, and mitigate risk.
Build for customisation for local and regional needs. Many legacy applications are highly customised, leading to inflexibility, high management costs, and complexity in integration. Today, software providers advocate minimising configuration and customisation, opting for “out-of-the-box” solutions with room for localisation. The operations in different countries may require reconfiguration due to varying regulations and competitive pressures. Architecting applications to isolate these configurations simplifies system management, facilitating continuous improvement as new services are introduced by platform providers or ISV partners.
Explore the opportunity for emerging technologies. Emerging technologies, notably AI, can significantly enhance the speed and value of new systems. In the near future, AI will automate much of the work in data migration and systems integration, reducing the need for human involvement. When humans are required, low-code or no-code tools can expedite development. Private 5G services may eliminate the need for new network builds in branches or offices. AIOps and Observability can improve system uptime at lower costs. Considering these capabilities in platform decisions and understanding the ecosystem of partners and providers can accelerate modernisation journeys and deliver value faster.
Don’t Let Analysis Paralysis Slow Down Your Journey!
Yes, there are a lot of decisions that need to be made; and yes, there is much at stake if things go wrong! However, there’s a greater risk in not taking action. Maintaining a laser-focus on the customer and business outcomes that need to be achieved will help align many decisions. Keeping the customer experience as the guiding light ensures organisations are always moving in the right direction.
Setting and achieving Sustainability goals is complex in BFSI. To be truly sustainable, organisations need to:
- Reduce internal energy consumption and carbon footprint
- Fund the transition to decarbonisation in high emission industries
- Introduce “green” customer products and services
- Monitor carbon data for financed emissions
Data and AI have the potential to assist in achieving these objectives, provided they are used effectively. Here is how.
Download ‘Driving Sustainability with Data and AI in Financial Services’ as a PDF
Ecosystm research reveals a stark reality: 75% of technology leaders in Financial Services anticipate data breaches.
Given the sector’s regulatory environment, data breaches carry substantial financial implications, emphasising the critical importance of giving precedence to cybersecurity. This is compelling a fresh cyber strategy focused on early threat detection and reduction of attack impact.
Read on to find out how tech leaders are building a culture of cyber-resilience, re-evaluating their cyber policies, and adopting technologies that keep them one step ahead of their adversaries.
Download ‘Cyber-Resilience in Finance: People, Policy & Technology’ as a PDF
Fintechs have carved out a niche both in their customer-centric approach and in crafting solutions for underserved communities without access to traditional financial services. Irrespective of their objectives, there is an immense reliance on innovation for lower-cost, personalised, and more convenient services.
However, a staggering 75% of venture-backed fintech startups fail to scale and grow – and this applies to fintechs as well.
Here are the 5 areas that fintechs need to focus on to succeed in a competitive market.
Download ‘Building a Successful Fintech Business’ as a PDF
The Banking, Financial Services, and Insurance (BFSI) industry, known for its cautious stance on technology, is swiftly undergoing a transformational modernisation journey. Areas such as digital customer experiences, automated fraud detection, and real-time risk assessment are all part of a technology-led roadmap. This shift is transforming the cybersecurity stance of BFSI organisations, which have conventionally favoured centralising everything within a data centre behind a firewall.
Ecosystm research finds that 75% of BFSI technology leaders believe that a data breach is inevitable. This requires taking a new cyber approach to detect threats early, reduce the impact of an attack, and avoid lateral movement across the network.
BFSI organisations will boost investments in two main areas over the next year: updating infrastructure and software, and exploring innovative domains like digital workplaces and automation. Cybersecurity investments are crucial in both of these areas.
As a regulated industry, breaches come with significant cost implications, underscoring the need to prioritise cybersecurity. BFSI cybersecurity and risk teams need to constantly reassess their strategies for safeguarding data and fulfilling compliance obligations, as they explore ways to facilitate new services for customers, partners, and employees.
The primary concerns of BFSI CISOs can be categorised into two distinct groups:
- Expanding Technology Use. This includes the proliferation of applications and devices, as well as data access beyond the network perimeter.
- Employee-Related Vulnerabilities. This involves responses to phishing and malware attempts, as well as intentional and unintentional misuse of technology.
Vulnerabilities Arising from Employee Actions
Security vulnerabilities arising from employee actions and unawareness represent a significant and ongoing concern for businesses of all sizes and industries – the risks are just much bigger for BFSI. These vulnerabilities can lead to data breaches, financial losses, damage to reputation, and legal ramifications. A multi-pronged approach is needed that combines technology, training, policies, and a culture of security consciousness.
Training and Culture. BFSI organisations prioritise comprehensive training and awareness programs, educating employees about common threats like phishing and best practices for safeguarding sensitive data. While these programs are often ongoing and adaptable to new threats, they can sometimes become mere compliance checklists, raising questions about their true effectiveness. Conducting simulated phishing attacks and security quizzes to assess employee awareness and identify areas where further training is required, can be effective.
To truly educate employees on risks, it’s essential to move beyond compliance and build a cybersecurity culture throughout the organisation. This can involve setting organisation-wide security KPIs that cascade from the CEO down to every employee, promoting accountability and transparency. Creating an environment where employees feel comfortable reporting security concerns is critical for early threat detection and mitigation.
Policies. Clear security policies and enforcement are essential for ensuring that employees understand their roles within the broader security framework, including responsibilities on strong password use, secure data handling, and prompt incident reporting. Implementing the principle of least privilege, which restricts access based on specific roles, mitigates potential harm from insider threats and inadvertent data exposure. Policies should evolve through routine security audits, including technical assessments and evaluations of employee protocol adherence, which will help organisations with a swifter identification of vulnerabilities and to take the necessary corrective actions.
However, despite the best efforts, breaches do happen – and this is where a well-defined incident response plan, that is regularly tested and updated, is crucial to minimise the damage. This requires every employee to know their roles and responsibilities during a security incident.
Tech Expansion Leading to Cyber Complexity
Cloud. Initially hesitant to transition essential workloads to the cloud, the BFSI industry has experienced a shift in perspective due to the rise of inventive SaaS-based Fintech tools and hybrid cloud solutions, that have created new impetus for change. This new distributed architecture requires a fresh look at cyber measures. Secure Access Service Edge (SASE) providers are integrating a range of cloud-delivered safeguards, such as FWaaS, CASB, and ZTNA with SD-WAN to ensure organisations can securely access the cloud without compromising on performance.
Data & AI. Data holds paramount importance in the BFSI industry for informed decision-making, personalised customer experiences, risk assessment, fraud prevention, and regulatory compliance. AI applications are being used to tailor products and services, optimise operational efficiency, and stay competitive in an evolving market. As part of their technology modernisation efforts, 47% of BFSI institutions are refining their data and AI strategies. They also acknowledge the challenges associated – and satisfying risk, regulatory, and compliance requirements is one of the biggest challenges facing BFSI organisations in the AI deployments.
The rush to experiment with Generative AI and foundation models to assist customers and employees is only heightening these concerns. There is an urgent need for policies around the use of these emerging technologies. Initiatives such as the Monetary Authority of Singapore’s Veritas that aim to enable financial institutions to evaluate their AI and data analytics solutions against the principles of fairness, ethics, accountability, and transparency (FEAT) are expected to provide the much-needed guidance to the industry.
Digital Workplace. As with other industries with a high percentage of knowledge workers, BFSI organisations are grappling with granting remote access to staff. Cloud-based collaboration and Fintech tools, BYOD policies, and sensitive data traversing home networks are all creating new challenges for cyber teams. Modern approaches, such as zero trust network access, privilege management, and network segmentation are necessary to ensure workers can seamlessly but securely perform their roles remotely.
Looking Beyond Technology: Evaluating the Adequacy of Compliance-Centric Cyber Strategies
The BFSI industry stands among the most rigorously regulated industries, with scrutiny intensifying following every collapse or notable breach. Cyber and data protection teams shoulder the responsibility of understanding the implications of and adhering to emerging data protection regulations in areas such as GDPR, PCI-DSS, SOC 2, and PSD2. Automating compliance procedures emerges as a compelling solution to streamline processes, mitigate risks, and curtail expenses. Technologies such as robotic process automation (RPA), low-code development, and continuous compliance monitoring are gaining prominence.
The adoption of AI to enhance security is still emerging but will accelerate rapidly. Ecosystm research shows that within the next two years, nearly 70% of BFSI organisations will have invested in SecOps. AI can help Security Operations Centres (SOCs) prioritise alerts and respond to threats faster than could be performed manually. Additionally, the expanding variety of network endpoints, including customer devices, ATMs, and tools used by frontline employees, can embrace AI-enhanced protection without introducing additional onboarding friction.
However, there is a need for BFSI organisations to look beyond compliance checklists to a more holistic cyber approach that can prioritise cyber measures continually based on the risk to the organisations. And this is one of the biggest challenges that BFSI CISOs face. Ecosystm research finds that 72% of cyber and technology leaders in the industry feel that there is limited understanding of cyber risk and governance in their organisations.
In fact, BFSI organisations must look at the interconnectedness of an intelligence-led and risk-based strategy. Thorough risk assessments let organisations prioritise vulnerability mitigation effectively. This targeted approach optimises security initiatives by focusing on high-risk areas, reducing security debt. To adapt to evolving threats, intelligence should inform risk assessment. Intelligence-led strategies empower cybersecurity leaders with real-time threat insights for proactive measures, actively tackling emerging threats and vulnerabilities – and definitely moving beyond compliance-focused strategies.