The Dubai Financial Services Authority (DFSA) has published its latest report, Cyber and Artificial Intelligence Risk in Financial Services: Strengthening Oversight Through International Dialogue. While the report covers a broad range of technology-related risks, its core focus is on the rising cybersecurity challenges reshaping the financial sector. It delivers a clear message: cyber threats are growing in sophistication and scale, demanding stronger resilience from both financial institutions and regulators.
Cyber Risks Are Now Systemic
Cyber risks are no longer isolated incidents but systemic threats that could destabilise the global financial ecosystem. The report highlights a steady increase in both the frequency and complexity of cyberattacks, driven by advances in hacking techniques and the financial sector’s heavy reliance on digital infrastructure.
Emerging technologies such as Artificial Intelligence and quantum computing bring transformative opportunities, but they also create new vulnerabilities. For example, quantum computing threatens to break existing encryption standards, pushing regulators and firms to plan for a future with “post-quantum cryptography.” The report stresses that proactive oversight must evolve in step with these rapid technological changes.
Another critical concern is the expanding supply chain risk. Financial institutions increasingly depend on third-party vendors and external service providers, making the entire ecosystem vulnerable to breaches from any weak link. The DFSA warns that a security failure in one vendor can cascade, impacting multiple institutions and compromising sensitive data.
Justin Baldacchino, Managing Director of Supervision at the DFSA, sums it up. “Digital risks are no longer peripheral. They are fast becoming systemic. This report reflects a growing supervisory consensus on where these risks are converging and how regulatory approaches are evolving.” His statement underscores the urgent need for regulators to anticipate and manage these intertwined risks to preserve financial stability.
How the DFSA Is Responding
The DFSA is actively adapting its supervisory framework to meet this evolving threat environment. Insights from the first Cyber and AI Risk Regulatory College, held in May 2025, demonstrate the authority’s commitment to international collaboration. The DFSA recognises that addressing cyber risks requires a collective, cross-border effort.
The regulator’s cyber risk supervision is structured around four key pillars.
Engage involves building awareness and resilience through firm outreach and realistic cyber simulations.
Collaborate promotes information sharing among firms and operates the region’s first regulator-led Threat Intelligence Platform (TIP).
Evaluate continuously monitors cyber risks via targeted firm assessments and thematic reviews like the 2024 Cyber Thematic Review.
Guide enforces clear rules such as the Cyber Risk Management Rules effective since January 2024 that mandate comprehensive cyber risk frameworks covering detection, response, and recovery.
Herman Schueller, Director of Innovation and Technology Risk Supervision at the DFSA, highlights the importance of adaptability. “As innovation accelerates, financial regulators globally are actively examining how best to adapt oversight practices. This report reflects the value of open, cross-border dialogue in building mutual understanding of the regulatory, technical, and operational dimensions of digital risks.”
The DFSA’s report is a timely and essential call to action for the financial sector. It confirms that cyber risk management must go beyond internal controls within individual firms to include strong regulatory frameworks and international cooperation. As the threat landscape evolves, especially within the context of cybersecurity in the UAE, only proactive oversight, continuous adaptation, and shared responsibility can keep the financial services ecosystem secure, resilient, and trusted.
