cyber threats are keeping her up at night
Tan Su Shan, chief executive officer of DBS Group Holdings Ltd., speaks at the Singapore Fintech Festival in Singapore on November 12, 2025.
Bloomberg | Bloomberg | Getty Images
According to DBS CEO Tan Su Shan, the biggest risk that keeps him up at night is not just market fluctuations or geopolitical shocks, but also cyber attacks.
“Cybersecurity. I think the new war is cyber. So cyber is what keeps me awake at night. Who’s going to attack who and how it’s going to happen, how people are going to be affected,” DBS’s managing director told CNBC on the sidelines of the annual CONVERGE LIVE event in Singapore.
His warning underscores a broader shift in how financial institutions think about risk, as cyber threats become increasingly intertwined with geopolitics and rapid advances in artificial intelligence.
Tan said that banks now operate in an environment where cyber risks are constant and evolving, which requires a mentality that requires constant vigilance. “Assume nothing, trust nothing, trust no one,” he said, describing how DBS approaches cybersecurity within the company.
This has evolved into constant “red teaming” or stress testing systems by simulating attacks, as well as a culture that he describes as deliberate paranoia. The goal, he said, is to predict vulnerabilities before attackers can exploit them, especially as artificial intelligence lowers the barrier to more sophisticated cyber threats.
“We are constantly paranoid about cybersecurity… What will separate the winners from the losers is good adoption, smart adoption, secure adoption,” Tan said.
The rise of generative and “agent” AI has added a new layer of complexity. While these technologies promise increased productivity and operational efficiency, Tan cautioned that they also expand the attack surface, or all the points at which an authorized user can attack the system, especially when used in critical systems.
“When it comes to manufacturing…make sure you have all the relevant guardrails,” he said, referring to AI systems that are customer-facing or interact directly with core banking infrastructure.
This attention has become even more critical as financial institutions’ adoption of AI deepens. While artificial intelligence promises efficiency gains and new capabilities, Tan said it also brings new vulnerabilities, especially as systems become more interconnected and autonomous.
He noted that the rise of generative and agency AI creates “fantastic opportunities as well as fantastic challenges and a lot of the scares that come with that,” especially when it comes to protecting sensitive data and core banking infrastructure.
For DBS, this meant establishing strict frameworks for how data is processed and tracked. Tan emphasized the importance of “data lifecycle management”, which ensures that data is appropriately managed from creation to deletion, with clear controls on access, auditability and transparency.
At the same time, the operating environment for markets and banks has become more volatile, shaped by supply chain disruptions, trade tensions and conflict-related shocks from the pandemic to tariffs and now the Iran war.
These shocks are forcing companies to rethink flexibility in everything from supply chains to payment systems, Tan said. The same principle applies to cybersecurity: Organizations should create backups, alternative paths, and contingency plans.
“Prepare for the worst, hope for the best, but have your playbook ready,” he said.
