Cybersecurity, Data Privacy & Operational Resilience: AI as Systemic Risk
AI in Treasury Series - From Fear to Strategic Liquidity OS
The New Attack Surface
Treasury has always been a target. Payments fraud, phishing, fake invoices: criminals go where the money is.
Now add AI to the mix. Suddenly, treasurers are not just defending payment rails and banking connections, but also models, prompts, and algorithms. The attack surface has exploded.
The nightmare scenario is simple: one clever breach, and an AI-driven treasury bot could be tricked into moving money, mispricing liquidity, or leaking confidential data. In other words, AI doesn't just introduce efficiency. It introduces systemic risk.
The Fear Nobody Wants to Voice
When I talk to treasurers about AI and cyber risk, the conversation goes quiet. Then, usually off the record, I hear lines like:
- "What if an attacker poisons our model training data?"
- "What if a deepfake CFO orders a transfer and the AI approves it?"
- "What if a treasury bot connecting to an FX venue gets hijacked mid-trade?"
Nobody wants to be the company that proves these fears were justified. Which is why many AI pilots are stalling at the cyber-risk hurdle.
Regulators Are Nervous Too
It's not just corporate paranoia. Regulators are connecting the dots between AI, cyber, and financial stability.
- The EU's DORA regulation (Digital Operational Resilience Act) makes treasuries responsible for third-party ICT risks, which include AI vendors.
- Central banks (BoE, ECB, BIS) warn of concentration risks: if everyone relies on the same AI tools, a single vendor hack could ripple across markets.
- Supervisors increasingly link cyber resilience to cost of capital. A breach isn't just an IT incident. It affects ratings, spreads, and reputational risk.
How to Guard Against the New Threats
Treasury doesn't need a paranoia playbook. It needs a resilience playbook.
- AI-Specific Security. Traditional IT firewalls aren't enough. Treasuries must defend against prompt injection, data poisoning, and output manipulation, now listed in the OWASP Top-10 for AI systems.
- Private, Encrypted Endpoints. No public AI services for treasury data. Sensitive flows must run on enterprise-grade, encrypted, isolated deployments.
- Circuit Breakers. Any AI-connected system that moves money or executes trades must have human kill-switches and hard limits.
- Vendor Resilience Testing. Don't just audit banks. Audit your AI vendors. Can they withstand DORA-level stress tests? Do they offer exit rights? What happens if they fail?
- Financial Impact Mapping. Cyber incidents should be quantified in terms of liquidity risk, spreads, and ratings impact. Boards understand numbers, not just "threat levels."
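One way to make the "circuit breaker" item concrete is a deterministic policy gate that sits between an AI agent's proposed payment and the payment rail, so the model can only propose and never release. The block below is an added example, not code from the original article: the kill switch, hard limit, daily cap, four-eyes threshold, counterparty allow-list and approver names are constructed placeholder values.

```python
"""Policy gate for AI-proposed treasury payments (added example).

The AI agent may only *propose* a Payment; this gate decides whether it is
released. Every threshold and counterparty below is a constructed placeholder.
"""
from dataclasses import dataclass, field


@dataclass
class Payment:
    counterparty: str
    amount: float
    currency: str
    approved_by: set = field(default_factory=set)  # IDs of human approvers


@dataclass
class CircuitBreaker:
    kill_switch: bool = False               # flipped by a human to halt all AI-initiated payments
    hard_limit: float = 1_000_000.0         # per-payment ceiling no approval can override
    human_review_above: float = 100_000.0   # above this, two distinct human approvers are required
    daily_cap: float = 5_000_000.0          # cumulative amount the agent may release per day
    allowed_counterparties: frozenset = frozenset({"BANK-A", "BANK-B"})  # placeholder allow-list
    released_today: float = 0.0

    def evaluate(self, p: Payment) -> tuple[bool, str]:
        """Return (released, reason). Default is deny; only an explicit pass releases funds."""
        if self.kill_switch:
            return False, "kill switch engaged: all AI-initiated payments halted"
        if p.amount <= 0:
            return False, "non-positive amount"
        if p.counterparty not in self.allowed_counterparties:
            return False, f"counterparty {p.counterparty} not on allow-list"
        if p.amount > self.hard_limit:
            return False, "exceeds hard per-payment limit; no approval can override"
        if self.released_today + p.amount > self.daily_cap:
            return False, "would exceed daily cumulative cap"
        if p.amount > self.human_review_above and len(p.approved_by) < 2:
            return False, "requires two distinct human approvers (four-eyes)"
        self.released_today += p.amount  # track spend only for payments actually released
        return True, "released"
```

Because the gate is ordinary code with fixed limits, it is not subject to prompt injection or a spoofed instruction the model might accept; a "deepfake CFO" request still needs two recorded human approvals and still cannot exceed the hard limit.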
The Cultural Problem
Technology isn't the only weak link. Humans are.
If treasury staff casually drop sensitive data into public chatbots, the battle is lost before it begins. If AI vendors aren't properly vetted, the risk is imported wholesale.
Culture must shift. Treasury needs an AI usage policy as strict as its payment policy. And it must be enforced.
Closing Thought
AI can make treasury more connected, more predictive, more powerful. But those same connections create fragility.
In the wrong hands, treasury AI is not just a tool. It's an attack vector, one that could move markets, damage ratings, and destabilise firms.
Resilience is not optional. It is the entry ticket.
Because when treasuries automate liquidity without securing the pipes, they're not just optimising capital. They're inviting catastrophe.