Cyber, AI, and Quantum Risks: Building Resilience in Financial Services

The Riffle

Digital risk has evolved into a systemic threat—one that no institution or regulator can tackle alone. This was the central theme of the Dubai Financial Services Authority’s (DFSA) inaugural Cyber and AI Risk Regulatory College, held in May 2025, which convened 70 representatives from 18 financial regulatory authorities.

The discussions underscored three interconnected risk areas reshaping financial services today: cybersecurity, quantum computing, and artificial intelligence (AI) .

Cyber Risk Oversight: A Dynamic Threat Landscape

Cyberattacks on financial institutions are becoming more frequent, sophisticated, and global. Key trends include:

• AI-enhanced threats such as deepfakes, synthetic voice fraud, and autonomous AI-driven exploits.

• Double extortion ransomware and supply chain attacks targeting critical third-party providers.

• Geopolitical tensions fueling state-sponsored cyber campaigns.

Regulators emphasized three pillars for resilience:

1. Stronger cyber risk identification and governance at the board level.

2. Resilience testing through simulations and scaled cybersecurity assessments.

3. Enhanced cross-border collaboration and threat intelligence sharing .

Quantum Risk: Preparing for the Next Frontier

While still emerging, quantum computing poses a long-term systemic risk to the cryptographic foundations of finance. A cryptographically-relevant quantum computer (CRQC) could emerge by 2030–2040, rendering current public-key encryption obsolete.

The immediate danger lies in “harvest now, decrypt later” attacks, where threat actors collect encrypted data today with the intent of decrypting it once quantum capabilities arrive.

Recommended steps for institutions include:

• Conducting a full inventory of cryptographic systems.

• Developing a transition strategy toward post-quantum cryptography (PQC).

• Piloting PQC solutions for high-risk systems while monitoring standardization efforts .

AI Risk: Innovation Meets Accountability

AI is now embedded across financial services—from fraud detection and compliance automation to robo-advisors and algorithmic trading. But alongside its benefits come critical risks:

• Data governance challenges and risks of data poisoning.

• Black box models that limit transparency and accountability.

• Supply chain concentration, with heavy reliance on a few large AI and cloud providers.

Regulators are calling for:

• Explainable AI frameworks using tools like LIME, SHAP, and counterfactuals to improve transparency.

• Principle-based oversight that balances innovation with accountability.

• Greater focus on systemic risks, including bias amplification and AI-induced herding behavior .

Conclusion: Toward Collective Resilience

The DFSA’s briefing makes it clear: cyber, AI, and quantum risks are no longer emerging threats—they are systemic challenges. Addressing them requires:

• Stronger board-level accountability and governance.

• Proactive crypto-agility to prepare for quantum disruption.

• Transparent, explainable, and responsibly deployed AI.

• Above all, international collaboration to build secure, trusted, and adaptive financial markets.

As innovation accelerates, the resilience of tomorrow’s financial system will depend on decisions made today.

Read the full briefing document presented by 10 Leaves here -