Central Bank of Cyprus Highlights ESRB Warning on AI-Driven Cyber Threats and Calls for Stronger Financial Sector Resilience
- 1 hour ago
- 4 min read
The Central Bank of Cyprus has drawn attention to a new warning issued by the European Systemic Risk Board regarding the growing cybersecurity risks associated with advanced artificial intelligence technologies, stating that it will continue to monitor developments closely and expects financial institutions under its supervision to take proactive measures to strengthen their resilience against emerging threats. The warning focuses on frontier artificial intelligence models, which the ESRB believes could fundamentally alter the cyber threat landscape over the short to medium term by enabling cyberattacks to become faster, more sophisticated, and significantly larger in scale.

According to the ESRB, the capabilities of advanced AI systems may dramatically accelerate the identification of software vulnerabilities, facilitate the development and deployment of malicious cyber tools, and assist attackers in exploiting weaknesses far more efficiently than previously possible. The board warned that these developments could substantially reduce the time available for organisations to detect, analyse, and respond to cyber incidents before damage occurs. Rather than posing risks solely to individual institutions, the ESRB stressed that the consequences of these technological developments should be viewed as systemic cyber risks capable of affecting the financial sector as a whole.
The CBC noted that the ESRB is urging a coordinated response throughout the European Union involving national regulators, financial institutions, and critical technology service providers. In response to the warning, the Cypriot central bank stated that it will continue to closely monitor developments in this area and expects all supervised financial institutions to implement the measures necessary to reinforce their cyber resilience and preparedness against these evolving threats.
The warning comes amid a broader effort by the European Central Bank to address the cybersecurity implications of rapidly advancing artificial intelligence technologies. The ECB has recently intensified its focus on AI-related cyber risks and has instructed euro area banks to provide detailed plans explaining how they intend to mitigate the threats posed by AI-enabled cyberattacks. According to the ECB, these plans must be submitted by October 31 and should demonstrate how institutions intend to address cyber risks that could undermine public confidence in the financial system or disrupt essential payment services.
In correspondence sent directly to bank chief executives, the ECB stated that recent developments in frontier artificial intelligence models carry potentially far-reaching implications for the confidentiality, integrity, and resilience of banks' information and communication technology systems. The central bank emphasised that financial institutions should prioritise the protection of internet-facing systems and other technology assets exposed to potential attack, including third-party software solutions and open-source software components that form part of their operational infrastructure.
The ECB further encouraged banks to accelerate efforts to remediate known vulnerabilities, enhance cyber monitoring capabilities, strengthen cyber hygiene practices, modernise ageing technological infrastructure, and improve crisis management procedures, recovery planning frameworks, and information-sharing arrangements. In order to allow institutions to dedicate greater resources to these priorities, the ECB announced that it has postponed a separate information technology survey and indicated that it may also adjust the timing of inspections and certain supervisory activities.
The ECB's actions coincided with the ESRB's broader warning that large-scale cyber incidents could have consequences extending well beyond the immediate victims of an attack. The board cautioned that severe cyber events could weaken public confidence in financial institutions and, in extreme circumstances, contribute to bank runs or wider market instability affecting financial institutions or even entire countries perceived as having weaker cyber defences.
In its warning, the ESRB stated, "These developments are a source of systemic risks to the financial system," underscoring the scale of concern surrounding the impact of advanced artificial intelligence on financial stability and cybersecurity.
The ESRB also outlined several scenarios in which AI-enhanced cyber capabilities could magnify existing threats. Among the risks identified were the gradual erosion of confidence in smaller financial institutions, sophisticated cyber espionage campaigns conducted by state-backed actors, and coordinated attacks targeting critical financial infrastructure such as payment, clearing, and settlement systems. The board further warned that misinformation and disinformation campaigns could amplify the consequences of cyber incidents by undermining public trust and creating uncertainty during periods of crisis.
Another significant concern highlighted by the ESRB involves the interconnected nature of the modern financial sector. The board noted that cyberattacks could spread rapidly through common technology providers and shared software platforms that are widely used across multiple institutions, potentially creating cascading effects throughout the financial system. The increasing reliance on common digital infrastructure means that vulnerabilities within a single provider or software component could have far-reaching implications for numerous organisations simultaneously.
The latest warning reflects growing concern among European regulatory authorities that while advances in artificial intelligence offer substantial opportunities for innovation, efficiency, and productivity, they also introduce new challenges that must be addressed to preserve cybersecurity and financial stability. Regulators increasingly view AI as both a transformative technological opportunity and a source of emerging systemic risk that requires careful oversight and coordinated mitigation efforts.
For Cyprus, the CBC's statement signals that cyber resilience will remain a major supervisory priority in the years ahead as banks and other financial institutions continue adapting to an increasingly complex threat environment shaped by rapid developments in artificial intelligence. By highlighting the ESRB's warning and supporting the ECB's supervisory initiatives, the central bank has made clear that strengthening cyber defences and improving operational resilience will be critical components of maintaining confidence in the financial system as AI-driven technologies continue to evolve.
By fLEXI tEAM

