Technology and cyber risk now sit at the center of numerous banking challenges—and they’re increasingly fueling fraud. In ProSight’s 2026 CRO Outlook Survey, 74% of respondents ranked technology and cyber among their top five risks. CROs said the ongoing push toward digitalization and AI gives bad actors more ways in, while connecting new systems to old infrastructure creates integration weak spots. Geopolitical risk—named a top risk by 22% of respondents—adds another layer, as nation-states target critical infrastructure like financial services.
Fraud is increasingly AI-enabled. Fraud and financial crime ranked No. 2 on the list of top risks, named by 55% of respondents, and survey comments stressed the interplay with cyber, AI, and geopolitics. A large bank CRO warned: “If you combine cyber, AI, and what will happen in the coin space, you will see a faster proliferation of fraud. The threat actors are going to be able to move more nimbly than the governance.” Real-world attempts are getting harder to spot. The same CRO said a fraudster emailed a client while impersonating him—the message “read like an email I would send. It was near flawless.” Nearly a third of respondents (32%) said the possibility that AI could be used to perpetrate fraud was a top AI-related risk.
Third-party risk is the fault line. Given the expanding attack surface, about a quarter of respondents identified operational resiliency as a top risk. One large-bank CRO called out third-party exposure specifically—both as a gateway for exploits and as a reason banks may need to sever connections quickly during an incident to contain spread. The through-line for leaders: shore up resiliency where your digital business is most exposed.
Verification is the countermeasure. Banks are moving AI from pilots to production—54% have adopted AI in production—but governance is still catching up. Only 12% of respondents said their AI governance and approvals framework is “highly developed.” Nearly a third (32%) named the possibility that AI could be used to perpetrate fraud as a top AI-related risk. As one large-bank CRO put it: “We want to make sure everyone in the company understands the risks that may be present in using AI and not doing it blindly, ensuring there is a human in the loop.”
Executive takeaway: Cyber, AI, and fraud are converging—treat them as interconnected risks. Prioritize third-party exposure, identity/verification, and human-in-the-loop AI.
