WEF: Financial Services Must Look to AI for Cybersecurity

The World Economic Forum's (WEF) Global Cybersecurity Outlook 2026 shows the financial services sector is significantly lagging behind in the use of AI to mitigate cybersecurity risks.

Finserv companies are failing to become a leader in any of the five key use cases identified by the WEF. The gap could expose the industry to increasingly sophisticated threats at a time when bad actors are leveraging AI to make their attacks more complex and difficult to defend.

The results are based on extensive interviews with global business leaders, with the findings revealed at WEF's Annual Meeting in Davos, where the world's business, government and academic leaders are congregating. 

The survey of 804 leaders, including 316 Chief Information Security Officers, 105 CEOs and 123 other C-level executives including Chief Risk Officers and Chief Technology Officers, spanned 92 countries. 

Around half of financial services companies believe they have implemented any AI tools to automate their cybersecurity operations, placing them behind the manufacturing, supply chain and transportation sector, as well as the energy sector.

Automating security operations could be critical to mitigate cyber risk due to the number of security events hitting financial services organisations each day.

Financial services companies are, as a whole, failing to lead on the other four use cases identified by WEF: detecting and responding to intrusions or anomalies; improving phishing and email threat detection; improving user behaviour analytics and insider threats; and threat intelligence and risk prioritisation.

In a Q&A session in Davos, Christian Keller, Barclays Investment Bank's Head of Economics Research, outlined the potential of AI to organisations, arguing that AI growth will enable tech to keep giving to the global economy. He noted that, although an AI bubble may form, it would be a "good bubble" and stated that investor confidence in AI remains high.

Supply chain vulnerabilities emerge

WEF also identifies the top supply chain risks that are affecting the financial services sector, with lack of visibility being the sector's top concern.

A lack of visibility is concerning because it could limit the effectiveness of financial services organisations to identify and mitigate risk.

The second-biggest supply chain risk is concentration risk – the fact that financial services companies carry too much dependence on a small number of suppliers.

Both themes carry significant risk for other sectors beyond financial services.

These vulnerabilities highlight the interconnected nature of modern financial infrastructure, where a single point of failure can cascade across multiple institutions.

Financial services organisations must prioritise supply chain resilience as part of their broader cybersecurity strategy. The sector's reliance on third-party providers for critical services means that any compromise in the supply chain could have far-reaching consequences for operational continuity and customer trust.

Systemic threats

Decentralised finance is one of the areas WEF has earmarked as carrying cybersecurity risk in the future.

It also highlights the future risk of synthetic identities, commonly known as deepfakes, and AI-driven fraud in a deep dive into the cybersecurity risks of digital currencies.

According to WEF: "By 2030, digital currencies are expected to play a growing role in daily economic activity, with broader adoption across retail payments, payroll systems and selected public and cross-border services.

"Cyber attacks targeting exchanges, wallets and smart-contract infrastructure have already caused multi-billion-dollar losses, and by 2030 such incidents could have systemic consequences, triggering potential liquidity shocks or eroding confidence in national and corporate digital assets."

WEF continues: "As synthetic identities and AI-driven fraud evolve, real-time verification and resilience of settlement networks will define trust in the financial system.

"Interdependencies among decentralised finance, central-bank digital currencies and autonomous payment agents mean that disruption in one layer can quickly ripple through others.

"In this environment, digital currencies have become critical infrastructure whose security underpins economic and societal stability."

Network disruption threatens transactions

WEF also highlights risks to financial transactions from disruption to land and satellite-based networks, which could comprise malicious and non-malicious disruption.

The increasing reliance on digital infrastructure makes the financial sector particularly vulnerable to network outages, whether caused by cyber attacks, natural disasters or technical failures. Such disruptions could halt trading, prevent payment processing and undermine confidence in digital financial services.

As financial institutions become more dependent on cloud services and distributed networks, the potential impact of network disruptions grows exponentially. The sector must develop robust contingency plans to maintain operations during connectivity failures.

Satellite-based communications, increasingly used for backup connectivity and remote operations, represent both an opportunity and a vulnerability that requires careful risk management and investment in resilient infrastructure.