DFSA report flags mounting risks from AI, quantum computing

The Dubai Financial Services Authority (DFSA), the independent regulator of financial services conducted in or from the DIFC, has sounded a clear warning about the rising convergence of cyber risks, artificial intelligence (AI), and quantum computing in a new report that outlines the future of digital regulation for global financial systems. 

“Cyber and artificial intelligence risk in financial services: Strengthening oversight through international dialogue,” released on June 30, highlights how emerging technologies are reshaping both the opportunity landscape and the threat environment across financial services.

Recommended For You

Dubai: Traffic diversion at key intersection from July 13

UAE strongly condemns attack on monastery in Myanmar

Sharaf DG unveils its largest electronics experience in Abu Dhabi at Reem Mall

How Dubai's artificial reefs are helping revive marine life, grow fish species

India: 25-year-old tennis player Radhika Yadav shot dead by her father at home

 

Published after the DFSA’s inaugural Cyber and AI Risk Regulatory College — attended by 70 senior officials from 18 regulatory authorities worldwide — the report captures regulatory consensus on the accelerating pace of digital transformation and the urgent need for coordinated global oversight. The report underscored the mounting complexity of cyber threats, the disruptive potential of AI, and the systemic vulnerabilities posed by quantum computing.

As the lines between operational resilience, cybersecurity, and technological innovation continue to blur, the DFSA’s message is clear: regulatory frameworks must evolve swiftly and collaboratively to protect the integrity of global financial systems in a world of accelerated digital disruption.

“Digital risks are no longer peripheral – they are fast becoming systemic,” said Justin Baldacchino, managing director of Supervision at DFSA. “This report reflects a growing supervisory consensus on where these risks are converging and how regulatory approaches are evolving.”

Among the report’s key findings is the rising frequency and sophistication of cyberattacks, many of which now involve ‘Living Off the Land’ tactics — where attackers misuse legitimate tools already present in systems to evade detection. The reliance on shared digital infrastructure, such as cloud services and third-party platforms, has further amplified vulnerability. A single-point failure within a critical provider — be it a cloud operator, payment processor, or managed services firm — could lead to widespread disruption, according to the DFSA.

Supply chain attacks also feature prominently in the risk narrative. Financial institutions face threats from compromised credentials, outdated or unpatched software, and malicious updates within partner ecosystems. The proliferation of Internet of Things (IoT) devices and edge technologies — often with weak security governance — has added new threat vectors to an already complex cybersecurity landscape.

The report also explores how cloud adoption, while enhancing resilience and scalability, introduces its own set of challenges. Cloud platforms enable faster deployment of AI solutions, but they raise critical concerns around data privacy, jurisdictional control, and vendor dependence. When sensitive financial data is processed or stored across borders, regulatory compliance and data sovereignty become difficult to manage.

Herman Schueller, director of Innovation & Technology Risk Supervision at DFSA, emphasised the need for cross-border regulatory collaboration: “As innovation accelerates, financial regulators globally are actively examining how best to adapt oversight practices. This report reflects the value of open, international dialogue in building mutual understanding of the regulatory, technical, and operational dimensions of digital risks.”

One of the most striking themes of the report is the looming risk of quantum computing. Though still in the early stages of development, quantum computers have the potential to break existing cryptographic systems that underpin global financial security. The DFSA report urges early, coordinated planning to prepare for the transition to post-quantum cryptography, warning that institutions must not wait until quantum capability is commercially viable to act.

AI-driven threats are another focal point. Malicious actors are now using AI to automate attacks, bypass defences, and even create synthetic media such as deepfakes and voice clones that can deceive users and systems. These AI-powered tools can detect vulnerabilities, launch attacks at scale, and operate autonomously. The report calls for stronger explainability frameworks, third-party risk assessments, and robust governance to manage the growing reliance on AI across financial services.

The DFSA also notes that rising geopolitical tensions are compounding digital risks. State-sponsored cyber operations and Advanced Persistent Threats are becoming more frequent and targeted, often remaining undetected for long periods. As global financial institutions operate across jurisdictions with varying regulatory maturity, they face fragmented compliance burdens and heightened exposure to politically motivated cyber threats.

The DFSA report contributes to the regulator’s broader commitment to proactive, principle-based supervision within the Dubai International Financial Centre (DIFC). Through ongoing initiatives like the DFSA Threat Intelligence Platform and work on AI governance, the authority is reinforcing its role as a thought leader in managing digital-era financial risks.

Issac John

Issac John is Managing Editor at Khaleej Times and has over 45 years of experience in top-tier newspapers across UAE. A seasoned business writer and economic analyst, he brings unmatched insight into the geopolitics and geoeconomics shaping the Gulf and India.

issacjohn@khaleejtimes.com