Across the BFSI landscape, cyber attackers—armed with generative AI capabilities—are demonstrating greater speed, sophistication, and scale than ever before. This has prompted urgent action from the Monetary Authority of Singapore (MAS), regulators, and financial institutions to strengthen resilience and re‑examine long‑held assumptions about cybersecurity readiness.
AI: Faster, Smarter, and Harder to Detect
The most potent tool available to cybercriminals is artificial intelligence. AI is now being utilised by attackers to create realistic deepfake audio and video, automate vulnerability finding, create extremely convincing phishing messages, and optimise attack time. A Fortinet-commissioned study found that 56% of Singaporean organizations faced AI-driven cyberthreats, and more than half saw attack volumes quadruple or treble in a single year.
Because they take advantage of governance, visibility, and human awareness gaps—gaps that were once manageable but are now overpowered by machine speed tactics—these dangers are especially deadly. AI-assisted impersonation assaults are increasingly targeting senior executives, financial departments, and trusted intermediaries, increasing the danger of widespread fraud and data breaches, making traditional security awareness training insufficient.
Deepfakes: The New Threat Vector for Financial Institutions
The use of deepfake technology, AI-generated synthetic audio and video - to pose as CEOs or approve fraudulent transactions is one of the most concerning advances. In order to help financial institutions reduce the risks associated with generative AI and deepfakes, MAS issued special information papers in 2025 and 2026. These studies highlight the necessity of robust identity verification procedures, behavioural safeguards, and sophisticated detection technologies.
A convincing deepfake can evade manual inspections, perplex employees, and result in multimillion-dollar losses in a field where trust and authenticity are crucial. As a result, identity assurance becomes a business necessity rather than just a security feature.
Heightening Security Obligations
In Singapore's BFSI industry, cybersecurity is a legal need rather than merely a technical problem. Strong cybersecurity frameworks spanning governance, identity management, encryption, incident response, and more are required under MAS's Technology Risk Management (TRM) Guidelines, which have been improved in recent years.
MAS keeps increasing monitoring as cyber dangers change. The regulator's position is unambiguous: financial stability is directly impacted by digital resilience. Following service interruptions, MAS took supervisory action against large institutions in 2022 and 2023, highlighting the importance of resilience, explainability, and auditability for any system employed in detection, diagnosis, or recovery.
The adoption of AI tools, like security automation and AIOps platforms, will be significantly impacted by this. AI must be transparent, regulated, and governable in Singapore; it cannot be a "black box".
Digital Banking Growth Expands the Attack Surface
Exposure to cyber hazards has significantly expanded due to the rapid growth of digital banking, mobile payments, immediate transfers, and virtual client contacts. With banks implementing increasingly complex security measures like fund locks, multi-layer authentication, and improved verification procedures, mobile banking officially overtook online banking as Singapore's main financial interface in 2026.
However, the underlying infrastructure gets more complicated as banking becomes more convenient. Stronger monitoring and access restrictions are required since connections to third-party fintechs, cloud services, APIs, and SaaS systems increase the threat surface.
Multi‑Cloud Complexity Raises New Security Challenges
Singapore’s BFSI sector is deeply invested in cloud transformation. Nearly 90% of Asia‑Pacific enterprises run workloads across multiple clouds, creating an architecture that is powerful yet highly complex.
Overlapping cloud environments produce fragmented telemetry, inconsistent signals, and multiple potential failure points. Traditional monitoring tools are no longer adequate; institutions require AI‑assisted observability, but these systems must meet MAS’s strict expectations for auditability and governance.
The result is a delicate balancing act: using AI to secure increasingly complex infrastructure while ensuring the AI itself complies with regulatory standards.
The Trust Barrier: Singapore Consumers Are Wary of AI in Banking
Customer trust is still brittle despite the increasing use of AI algorithms in fraud detection, credit scoring, customer support, and wealth advising. 95% of Singaporean customers are worried about using AI with their bank, especially in relation to data security and privacy. The impartiality and correctness of decisions made by AI are also questioned by many.
Banks are implementing hybrid AI-human models to ensure that AI improves efficiency without taking the place of human judgement in delicate interactions in order to preserve customer confidence. Transparency is becoming a differentiator in the marketplace.
Conclusion: A New Era Demands New Defences
AI‑driven cyber threats are not a future risk. They are here, accelerating, and quickly redefining the cybersecurity landscape for Singapore’s financial institutions. The stakes are extraordinarily high: financial stability, customer trust, regulatory compliance, and national security are deeply intertwined.
To thrive in this new era, BFSI organisations must:
Singapore’s financial industry has long been a global leader in security and innovation—but in 2026, leadership means evolving faster than the threats. The institutions that adopt AI responsibly, govern it rigorously, and secure it intelligently will define the future of Singapore’s financial ecosystem.
Join us at CISO FSI Singapore, to experience new insight in banking, finance and technology risk. For speaking opportunities, reach out to Kashmira George to learn more.