Cultivating a Resilient Security Culture in FSI with Aspire's Tobias Klingel.

Corinium’s Kashmira George spoke with Tobias Klingel, Head of Information Security at Aspire, about creating a resilient security culture in financial services.

In an era where AI is reshaping industries at an unprecedented pace, financial services are at the forefront of both innovation and regulatory scrutiny. The strongest security strategies don’t just come from the top down; they’re embedded in how people think and work every day. As AI reshapes financial services and cloud adoption accelerates, the real challenge isn’t just keeping up with technology—it’s ensuring that security becomes second nature across the organisation.

In our latest discussion, I had the opportunity to speak with Tobias Klingel, Head of Information Security at Aspire, about the evolving cybersecurity landscape, AI-driven security measures, and the challenges of cloud adoption in financial services. 

Check out the key points discussed:

AI in Cybersecurity: A Double-Edged Sword?

Tobias highlighted that AI has revolutionised security operations, enabling real-time threat detection and automation that significantly enhance financial institutions’ ability to prevent fraud. AI-powered tools are moving the industry from reactive to proactive security postures, detecting potential breaches earlier and reducing risk exposure.

However, AI’s rapid evolution also raises concerns around governance. Tobias advised CISOs to treat AI as just another tool, much like the shift to cloud computing in previous years. “Adapting data governance, ensuring compliance with regulations like GDPR, and training employees on AI’s limitations are key steps in using AI responsibly,” he highlighted.

Merging Traditional Security with AI-Driven Solutions

Financial institutions often face the challenge of integrating AI-powered solutions with traditional security models while maintaining regulatory compliance. Tobias advocated for collaboration between legacy security teams and AI-focused teams to bridge knowledge gaps. “Understanding AI’s black-box nature is crucial,” he said, stressing the importance of internal guidelines and clear security policies.

Much like cloud adoption, he suggested that financial services firms should leverage AI while maintaining core security principles, such as access controls, vulnerability assessments, and network monitoring. These foundational elements remain critical, even as AI automates threat detection and response.

The Evolution of Cloud Adoption in Financial Services

As the Head of Information Security at Aspire, a cloud-native company, Tobias provided unique insights into the future of cloud adoption in financial services. While many firms still struggle with transitioning from on-premise infrastructure, Tobias believes cloud platforms offer higher security, stringent compliance, and better cost efficiency than traditional IT environments.

However, he acknowledged that regulatory hurdles still exist in some markets where cloud adoption faces restrictions due to local compliance requirements. He reassured that with multi-cloud strategies, financial institutions can distribute risk and maintain operational resilience while meeting regulatory expectations.

Building Cyber Resilience in Cloud Security Strategies

Tobias underlined that resilience in cloud security is not just about technology—it’s about governance, monitoring, and structured security processes. He stressed the importance of three key areas:

• Continuous security audits to detect vulnerabilities in real-time.
• Strict access control measures to prevent unauthorised exposure of sensitive data.
• Infrastructure-as-code security to ensure misconfigurations don’t expose cloud environments to threats.

Tobias pointed out that while cloud security concerns persist, today’s highly regulated cloud providers often offer better protection than many on-premise solutions.

A Security-First Culture

Security isn’t just about tools and tech—it’s about mindset. Tobias made it clear that a strong security culture is what sets resilient financial institutions apart. It’s not enough to have policies in place if employees don’t understand them or, worse, don’t follow them.

“Training employees to recognise threats, follow internal guidelines, and use AI responsibly is just as crucial as having the right security tools,” he pointed out. In other words, security needs to be second nature, not an afterthought.

He also highlighted the importance of breaking down silos. Security teams need to work closely with IT, AI, and compliance teams to align on best practices and ensure that security keeps up with evolving tech. The companies that do this well aren’t just checking a compliance box—they’re embedding security into their day-to-day operations, making it a core part of how they work.

Key Security Priorities for CISOs in 2025

Looking ahead, Tobias identified data governance, compliance, and AI integration as top challenges for CISOs in 2025. He emphasised that as AI-driven security solutions evolve, financial institutions must ensure responsible data usage while maintaining customer trust.

“CISOs must ensure continuous operations while balancing AI’s potential and its risks,” he stated. The key? Strong governance, rigorous training, and a proactive approach to security.

Join the Conversation at CISO FSI Singapore 2025

For those eager to learn more from Tobias, he will be speaking at CISO FSI Singapore on April 22, 2025, at the Equarius Hotel, Sentosa. His session will dive deeper into AI’s impact on security culture, regulatory challenges, and best security practices for financial institutions.

If you are interested to speak or partner with us at CISO FSI Singapore 2025, reach out to Kashmira George.