Cyber threats have evolved into complex, well-financed campaigns by criminal networks targeting financial institutions with precision and scale. These groups exploit weaknesses in systems, user behaviour, customer channels, and third-party ecosystems. Banks face mounting pressure to safeguard data, ensure operational continuity, and preserve public trust in a highly exposed digital environment.

Cybersecurity now stands alongside capital, liquidity, and compliance as a foundation of banking stability. It influences a bank’s ability to operate, protect customer data, and meet supervisory expectations. Addressing cyber risk demands executive ownership, integrated controls, and collaboration across departments. The boardroom, not the server room, has become the decision-making centre for cyber resilience.

Threat actors now target trust, not only systems

Cybercriminals are increasingly exploiting professional networks and developer platforms. Chatchawat Asawarakwong, vice chairman and group CISO at Kasikorn Business Technology Group (KBTG), explained how attackers set up fake forums to distribute malware. “They create fake developer pages and ask others to help fix supposedly broken code. Then they convince people to install software that turns out to be malware,” he said. These techniques bypass filters and target bank-managed devices and employees directly.

Aurora Unnanuntana, senior director of technology risk at the Bank of Thailand, noted a rise in large-scale attacks through non-traditional channels. “Distributed denial of service (DDoS) attacks, which overwhelm systems with traffic, and data breaches have increased, particularly through mobile apps, subsidiaries, and third-party providers,” she said. This has expanded the threat landscape far beyond traditional boundaries.

The increase in digital exposure has driven stronger interbank collaboration. Asawarakwong highlighted the Thailand Banking–Computer Emergency Response Team (TB-CERT). “The sector works together through TB-CERT to handle threats in real time and build stronger collective defences,” he said. It has become a vital early-warning and coordination mechanism for financial institutions.

Ransomware attacks involving encryption and data theft have compelled banks to simulate recovery scenarios. “Ensure your data is properly backed up, and test regularly to confirm you can recover it. That makes all the difference,” Asawarakwong said. Resilience now relies on practice and process, not policy alone.

Readiness depends on coordination, not only controls

Technology alone cannot contain cyber incidents. Internal communication and swift coordination often determine whether a breach escalates or is controlled. Nongnuch Tantisantiwong, senior vice president and head of enterprise risk and infrastructure at CIMB Thai Bank, described how response begins with internal clarity. “We need to communicate the facts to our employees as soon as a breach happens. Timely action starts with clear internal information,” she said.

Her team conducts regular escalation drills and communication checks across departments and vendors. These exercises include password resets and escalation rehearsals with third parties. “We track response rates and follow up quickly. We also ensure third-party contracts clearly state what must happen if an incident originates outside the bank,” she said. This ensures that operational dependencies are understood and documented before an incident occurs.

Asawarakwong warned that reputational damage often stems from poor internal messaging. “We must prepare our employees to respond. If someone asks them about an incident, they need to know exactly what to say,” he said. Standardised scripts are prepared for all staff levels.
Unnanuntana reinforced the regulatory requirement for comprehensive planning. “The continuity plan must cover technical protocols, business operations, internal and external communication, and regulatory reporting,” she said. Scenario testing must include executive decision-makers. “If executives do not understand their roles during a cyber crisis, decisions will be delayed,” she added.

Cyber readiness must be embedded across the organisation through simulation, leadership involvement, and clear accountability.

Fraud response must shift upstream to prevent loss

Banks, customers, and digital platforms must coordinate more closely to prevent fraud. Tantisantiwong explained how real-time transaction monitoring interrupts scams. “We interrupt suspicious transactions to give customers time to think and avoid being misled,” she said.

Regulatory approaches are evolving to define shared accountability. “If a bank’s system is compromised, they are fully responsible. If a customer is tricked into taking action, the case is more complex,” said Unnanuntana. The Bank of Thailand is advancing frameworks that clarify responsibilities among banks, telecoms, and platforms. “We need cross-industry standards that clarify where liability lies and how banks, platforms, and customers each contribute to risk.”

Operationally, banks have phased out short message service (SMS) links in favour of in-app messaging, done within the secure banking app to reduce spoofing. “The sector is moving to in-app messaging to reduce scam exposure,” said Asawarakwong. Banks also work with telecoms and regulators to detect and block fraudulent messages at the network level. This coordinated approach reflects a shift toward systemic deterrence.

AI is becoming the new frontline of defence

As fraud tactics become more agile, banks are deploying artificial intelligence (AI) and behavioural analytics for detection. These tools assess user interaction patterns and trigger identity checks when anomalies arise. “If a customer’s behaviour changes, we trigger an additional authentication step to confirm their identity,” said Asawarakwong.

This dynamic model strengthens static authentication like face or fingerprint ID, which can now be spoofed using AI. “It is not about one factor. We combine what you know, what you have, and how you behave,” he said.

Unnanuntana added that the Bank of Thailand supports AI development within governance frameworks. “Our AI guidelines are not about restricting banks. They are designed to promote responsible innovation and safe adoption,” she said. The guidance aligns with international norms and promotes model transparency.

AI is becoming a central part of risk detection and mitigation strategies. Banks that integrate behavioural analytics into core systems will be better positioned to detect fraud, reduce false positives, and intervene early.

CISO leadership now defines institutional resilience

The chief information security officer (CISO) has become a central figure in shaping strategic resilience, not only managing technical risks but guiding security-informed decisions across the organisation. “We integrate security at the design stage, not after systems are built,” said Asawarakwong.

“We are not only technical specialists anymore. We advise the business on how security decisions impact operations and resilience,” he added. CISOs today influence procurement, third-party governance, data privacy, and even how boards allocate risk budgets. Their ability to frame cyber threats in commercial terms determines how effectively institutions prioritise defences.

Tantisantiwong described how her team enforces internal accountability. “We set limits for medium- and high-risk issues and monitor whether teams act within the window,” she said. Her unit also scans social media during incidents to guide communications and flag emerging reputational risks.

Unnanuntana underscored that cybersecurity is no longer the sole domain of IT teams. “Every department must treat cybersecurity as part of its core responsibility, not something handled by a separate team,” she said. Banks are now expected to appoint CISOs with cross-functional mandate and direct access to board discussions.

This structural shift signals that resilience depends not only on robust controls, but also on clear authority, internal influence, and leadership visibility.

Cybersecurity is now a measure of business competence

Cyber threats no longer occur in isolation. They expose weaknesses not only in systems, but in governance, operations, and decision-making under pressure. Maintaining customer trust, meeting regulatory obligations, and avoiding operational disruption now depend on how effectively leadership anticipates and responds to cyber risk.

Cybersecurity has become a strategic pillar shaping how banks design digital services, manage third-party exposure, and engage with customers. Institutions that integrate cyber readiness into executive agendas, product development, and staff culture will be better prepared for disruption.