Logo

European Lenders Face Four-Month AI Cyber Deadline

1 min read
European Lenders Face Four-Month AI Cyber Deadline image

European banks are being pushed to move faster on cyber security as regulators warn that frontier artificial intelligence could make attacks on financial institutions quicker, cheaper and more dangerous. The European Central Bank has given 110 lenders until the end of October to produce comprehensive action plans for dealing with AI-driven cyber risks.

The warning reflects growing concern that advanced AI models can identify and exploit weaknesses in IT systems at a speed that traditional bank defences may struggle to match. The European Systemic Risk Board has raised its assessment of systemic cyber risk from elevated to severe, arguing that vulnerabilities could now be weaponised in minutes or hours. That changes the pressure on banks, many of which are still managing legacy technology, complex vendor relationships and slow-moving internal processes.

For lenders, the issue is not only technical. A successful AI-assisted cyber attack could disrupt payments, compromise customer data, expose third-party weaknesses and undermine confidence in the wider financial system. Regulators are therefore treating cyber resilience as a financial stability matter, rather than a narrow IT concern.

The ECB wants banks to set out concrete measures, assign responsibility, allocate resources and establish timelines for implementation. It has also delayed its annual IT risk questionnaire to give institutions more room to focus on the immediate threat. The Bank of England has echoed the concern, although it has indicated a more collaborative approach with banks rather than issuing strict deadlines.

The coming months will show how quickly European lenders can strengthen their controls. With AI capabilities advancing rapidly, regulators are making clear that cyber readiness can no longer move at the pace of ordinary compliance cycles.

Share this article: