DBS CEO Tan Su Shan Says Cyberattacks, Not Market Volatility, Keep Her Awake at Night
DBS chief tells CNBC that cybersecurity is the 'new war,' with AI expanding attack surfaces and requiring constant vigilance
L'essentiel
DBS CEO Tan Su Shan has identified cyberattacks as her biggest risk concern, telling CNBC that cybersecurity represents 'the new war.' Speaking at the bank's CONVERGE LIVE event in Singapore, she emphasized that AI is lowering barriers for sophisticated threats, expanding attack surfaces, and requiring institutions to adopt a mindset of 'perpetual vigilance' and 'deliberate paranoia.' DBS conducts continuous red teaming to stress-test systems and anticipates vulnerabilities before attackers can exploit them.
Résumé généré par IA
Pourquoi c'est important
Financial institutions globally are deepening AI adoption while facing increasingly sophisticated cyber threats. The convergence of generative AI and cybersecurity risks has created new challenges for banks managing sensitive customer data and core infrastructure.
For DBS CEO Tan Su Shan, the biggest risk keeping her up at night is not just market volatility or geopolitical shocks, but cyberattacks. "Cyber security. I think the new war is cyber. So what keeps me awake at night is cyber. It's who's going to attack who, and how it's going to happen, how people will get affected," the chief executive of DBS told CNBC on the sidelines of its annual CONVERGE LIVE event in Singapore.
Her warning underscores a broader shift in how financial institutions are thinking about risk, as cyber threats become increasingly intertwined with geopolitics and rapid advances in artificial intelligence. Tan said banks are now operating in an environment where cyber risks are constant and evolving, requiring a mindset of perpetual vigilance.
"Assume nothing, trust nothing, trust nobody," she said, describing how DBS approaches cybersecurity internally. That has translated into continuous "red teaming," or stress-testing systems by simulating attacks, as well as a culture of what she described as deliberate paranoia. The goal is to anticipate vulnerabilities before attackers exploit them, particularly as AI lowers the barrier for more sophisticated cyber threats, she said.
"We're constantly being paranoid about cybersecurity… what will separate the winners from the losers is good adoption, smart adoption, safe adoption," Tan said.
The rise of generative and "agentic" AI has added a new layer of complexity. While these technologies promise productivity gains and operational efficiencies, Tan warned they also expand the attack surface — or all the points at which an authorized user can attack a system — especially when deployed in critical systems. "When it touches production... make sure that you've got all the relevant guardrails," she said, referring to AI systems that interact directly with customer-facing or core banking infrastructure.
That vigilance has become even more critical as financial institutions deepen their adoption of artificial intelligence. While AI promises efficiency gains and new capabilities, Tan said it also introduces fresh vulnerabilities, particularly as systems become more interconnected and autonomous. The rise of generative and agentic AI, she noted, has created "fantastic opportunities, but also fantastic challenges and a lot of scariness that comes with it," especially when it comes to safeguarding sensitive data and core banking infrastructure.
For DBS, that has meant building strict frameworks around how data is handled and monitored. Tan emphasized the importance of "data lifecycle management," ensuring that data is properly governed from creation to deletion, with clear controls over access, auditability and transparency.
At the same time, the operating environment for markets and banks has grown more volatile, shaped by supply chain disruptions, trade tensions and conflict-driven shocks, from the pandemic to tariffs and now the Iran war. Tan said these shocks have forced companies to rethink resilience across the board, from supply chains to payment systems. The same principle applies to cybersecurity: institutions must build redundancy, alternative pathways and contingency plans. "Prepare for the worst, hope for the best, but have that playbook ready," she said.
Questions ouvertes
- What specific cyberattacks has DBS faced recently?
- How much is DBS investing in cybersecurity?
- What are the specific AI guardrails DBS has implemented?






