The Financial Supervisory Service (FSS) launched a review of cybersecurity measures across the finance sector on June 12, responding to increasingly sophisticated hacking tactics driven by artificial intelligence. FSS Chairman Lee Chan-jin emphasized that financial executives must take direct responsibility for defending against these digital threats to maintain consumer trust and stable operations.
Blind penetration testing increases
The review took place at the Financial Security Institute's Cybersecurity Control Center in Yongin. Lee assessed the "2026 First Half Blind Penetration Testing Training" program, where white-hat hackers launch surprise attacks on targeted financial institutions. This unannounced approach evaluates an institution's ability to detect intrusions, mount a defense, and execute emergency response protocols.
Participation in this year's training doubled from 20 to 40 companies. This increase follows the FSS's April announcement of a Proactive Digital Risk Supervision Plan. The agency also raised the frequency of these training sessions to twice a year, with the current phase running from May to June.
Addressing AI-driven cyber threats
During the visit, Lee reviewed the sector's current monitoring capabilities and specific response processes for distributed denial-of-service (DDoS) attacks and server hacking. He also examined how institutions are preparing for new cyber threats stemming from the proliferation of AI services. Financial firms are increasingly looking into specialized resources, such as an AI Learning Path for Cybersecurity Analysts, to upgrade their defense protocols against automated intrusion methods.
"Blind penetration testing is significant for confirming whether a financial institution's defense and recovery systems function properly before an actual incident occurs," Lee said. "Financial companies must continuously assess and improve their cybersecurity readiness."
Executive accountability for digital risk
The FSS expects top leadership to treat security as a core management risk rather than a purely technical issue. "In an era where digital finance is becoming commonplace, cybersecurity is a critical management risk directly linked to the stable operations of financial companies and consumer trust," Lee said.
He added that chief executives must verify their incident response systems can operate effectively during a crisis. To achieve this, executives must actively pursue enhancements in budget, personnel, and organizational structure. Professionals managing these risks can find further context on industry standards through resources focused on AI for Finance.
Why this matters for finance professionals
Financial executives and risk managers can no longer delegate cybersecurity entirely to IT departments. The doubling of blind penetration testing participants signals a regulatory shift toward proactive, stress-tested defenses. Finance leaders must ensure their budgets and incident response plans account for AI-enhanced attack vectors, or face direct regulatory scrutiny for operational failures.
Your membership also unlocks:
