Collaborative Solutions for AI Security and Cybersecurity Risks in Canada’s Financial Sector

Financial Industry Forum on Artificial Intelligence II: Workshop 1 - Security and Cybersecurity

The financial sector is at a crucial point in managing the risks and opportunities presented by Artificial Intelligence (AI). This forum advances practical dialogue on AI’s impact in finance, focusing on security and cybersecurity challenges. Understanding these issues clearly helps remove unfounded fears and shifts attention toward real risks and effective solutions.

Preface

AI’s integration into financial services demands cooperation and well-defined best practices. The first Financial Industry Forum on Artificial Intelligence in 2022 set the stage by bringing together experts from finance, policy, and research to promote responsible AI use in Canada. That forum emphasized four key principles for AI governance: Explainability, Data, Governance, and Ethics.

Building on this foundation, the second forum expands the conversation into four focused workshops addressing security and cybersecurity, financial crime, consumer protection, and financial stability. The first workshop, held in May 2025, gathered 56 experts from banks, insurers, regulators, and academia to explore how AI reshapes security risks and what practical steps can strengthen defenses.

Security here covers protection of physical assets, technology, personnel, and data, with national security implications. AI increases the scale and speed of threats, especially in cybersecurity, already a critical concern for Canada’s financial system.

AI Security and Cybersecurity: Threats, Risks, and Mitigation

Cyber incidents cost between 1 and 10 percent of global GDP, with deepfake attacks increasing twentyfold in recent years. AI offers tools to improve customer service and fraud detection but also empowers attackers with scalable and sophisticated techniques.

Financial Sector Perspectives on AI Adoption

Among financial institutions, the biggest hurdle in managing AI-related security risks is the speed of AI development outpacing risk management efforts, cited by 60% of participants. Other challenges include vetting third-party vendors (56%) and governance uncertainty (49%).

Experts highlight the need to embed AI risk management within existing governance frameworks, updating policies and controls as necessary. Basic technology hygiene remains essential, especially regarding third-party relationships. AI adoption should be aligned with clear business objectives and measurable outcomes rather than hype.

Key AI-Enabled Threats, Risks, and Mitigations

• Social engineering and synthetic identity fraud: AI amplifies phishing and identity fraud by enabling highly convincing, personalized attacks, often using deepfake voice and video technology. These attacks threaten financial integrity and national security. Over 70% of participants see AI-enhanced social engineering as the top AI-related challenge.
• Risk management: Strengthening identity verification, employee training, and deploying AI-based monitoring tools are critical steps to detect and prevent these attacks.
• AI-assisted cyberattacks: Attackers automate and customize cyberattacks using AI, increasing speed and sophistication. AI use within institutions also broadens attack surfaces, exposing vulnerabilities like data poisoning or adversarial manipulation.
• Risk management: Implementing AI-powered defense tools, zero trust security models, rigorous AI model integrity standards, and enhanced employee awareness are key to mitigating these threats.
• AI third-party and supply chain vulnerabilities: Financial institutions’ reliance on third-party AI services creates cascading risks due to complex supply chains. Smaller institutions are especially vulnerable due to heavier dependence on external vendors.
• Risk management: Updating due diligence, standardizing vendor security requirements, and strengthening oversight are necessary to reduce supply chain risks.
• AI-driven data vulnerabilities: The vast data AI systems consume increases exposure to data leaks and corruption, threatening both proprietary and client information.
• Risk management: Maintaining strict data access controls, enhancing security hygiene, and adopting AI-enhanced data protection tools help safeguard sensitive information.

AI-Related Opportunities for Canada’s Financial Sector

Information Sharing

Timely, anonymized intelligence sharing between government and financial institutions can improve preparedness and response to AI-driven security threats. Collaboration across firms and sectors strengthens collective resilience.

Digital Identification and Verification

Robust digital ID frameworks could counter AI-enhanced identity fraud by ensuring only verified individuals access critical systems and data.

Multi-Factor Authentication (MFA)

Widespread adoption of MFA adds a vital security layer, protecting accounts and systems from AI-enabled attacks.

Employee Training

Training programs must evolve to address hyper-personalized phishing without eroding trust. Scenario-based learning that builds lasting habits is recommended over deceptive simulations.

Next Steps

Ongoing public-private collaboration is essential to balance AI innovation with risk management in financial services. The sector’s data-driven nature positions it to lead in responsible AI use, tackling productivity challenges while managing risks effectively.

Future workshops will explore financial crime, consumer protection, and financial stability, with interim and final reports summarizing key findings and best practices. Continued dialogue among institutions, regulators, and academics will be critical to advancing policies and secure AI adoption.

For management professionals seeking to deepen their AI security knowledge, exploring targeted training and certification can provide practical skills to support these evolving challenges. Resources such as Complete AI Training certifications offer structured learning paths tailored to current industry needs.