It Turns Out This Is the Problem Keeping the CEO of ASEAN's Largest Bank Awake at Night

DBS CEO Tan Su Shan stated that the biggest risk keeping her awake at night is not just market volatility or geopolitical shocks, but cyber attacks. “Cyber security. I think the new war is cyber. So what keeps me up at night is cyber. Who will attack whom, and how it will happen, how people will be affected,” the DBS executive told CNBC on the sidelines of the annual CONVERGE LIVE event in Singapore, quoted on Saturday (25/4/2026). Her warning underscores a broader shift in how financial institutions think about risks. This is because cyber threats are increasingly linked to geopolitics and rapid advances in artificial intelligence (AI). Tan said banks now operate in an environment of constant and evolving cyber risks, requiring a mindset of continuous vigilance. “Don’t assume anything, don’t trust anything, don’t trust anyone,” she said, explaining how DBS approaches cyber security internally. This has resulted in ongoing “red teaming,” or stress-testing systems by simulating attacks, as well as a culture she described as deliberate paranoia. The goal is to anticipate vulnerabilities before attackers exploit them, especially since AI lowers barriers for more sophisticated cyber threats, she said. “We are constantly paranoid about cyber security… what will differentiate winners from losers is good adoption, smart adoption, secure adoption,” Tan said. The emergence of generative AI and “agents” has added a new layer of complexity. While this technology promises productivity gains and operational efficiency, Tan warned that it also expands the attack surface—or all points where authorised users can breach systems—particularly when applied to critical systems. “When it touches production… make sure you have all the relevant safeguards,” she said, referring to AI systems that interact directly with core banking infrastructure or face customers directly. This vigilance is becoming increasingly important as financial institutions deepen their adoption of artificial intelligence. While AI promises efficiency improvements and new capabilities, Tan said it also introduces new vulnerabilities, especially as systems become more interconnected and autonomous. The rise of generative and agentic AI, she said, has created “fantastic opportunities, but also fantastic challenges and many scary things that come with it,” particularly in protecting sensitive data and core banking infrastructure. For DBS, this means building a rigorous framework on how data is handled and monitored. Tan emphasised the importance of “data lifecycle management,” ensuring data is properly governed from creation to deletion, with clear controls over access, auditability, and transparency. At the same time, the operational environment for markets and banks has become more volatile, shaped by supply chain disruptions, trade tensions, and shocks caused by conflicts, from the pandemic to tariffs and now the Iran war. Tan said these shocks have forced companies to rethink overall resilience, from supply chains to payment systems. The same principles apply to cyber security: institutions must build redundancy, alternative pathways, and contingency plans. “Prepare for the worst, hope for the best, but prepare those guidelines,” she said.