Cyber risk and technology remain persistent concerns for banks—but new technologies are changing how those risks emerge and how institutions must manage them. In ProSight’s 2026 CRO Outlook Survey, 74% of chief risk officers identified cyber risk and technology as a top-five risk.
The survey—conducted with Oliver Wyman and based on responses from more than 140 CROs and equivalents across North America—highlights how developments in AI, cybercrime, and regulation are reshaping the priorities of bank risk leaders. Oliver Wyman Partner Michael Duane said these threats are “evergreen,” but the rapid digitization of banking and increased use of AI are accelerating them.
AI is expanding the fraud threat surface. Fraud and financial crime ranked as the second-largest risk category in the survey. Nearly 32% of respondents said the possibility that AI could be used to perpetrate fraud is a top AI-related risk for their institutions.
“Innovations like AI and digital assets provide new avenues through which bad actors can operate,” Duane said. “For example, a consumer’s use of an AI agent in parts of his or her banking relationship will open up an entirely new vector for cybercriminals and fraudsters.”
AI-enabled deepfakes and other tools are making scams harder to detect. “CROs are increasingly concerned about the significant and evolving AI-enabled scams,” said Oliver Wyman Principal Christian McNally.
Banks are moving AI from pilots into real operations. According to the survey, 54% of banks have adopted AI in production, and 48% expect to deploy the technology for risk management within the next two years.
Banks are increasingly rolling out custom generative AI applications for specific use cases, including Know Your Customer and Anti-Money Laundering, credit memos, and regulatory change management.
But risk leaders are watching the next stage of the technology carefully. Agentic AI—systems capable of acting independently—could significantly change how banks interact with customers. “An agentic AI process will remove the human element, requiring different risk management techniques around things like testing and monitoring to get comfortable with an agentic AI use case,” Duane said.
Risk governance frameworks are still catching up. Despite growing adoption, only 12% of survey respondents described their AI governance and approvals framework as “highly developed.”
According to Oliver Wyman Principal Jake Ritchken, many institutions are now building out those frameworks so they can more rapidly evaluate, approve, and scale AI deployments.
Cross-disciplinary teams are becoming a key defense against fraud. Banks are also responding to the convergence of cybercrime, fraud, and compliance risk by building teams that cut across multiple disciplines.
“One continued focus area for banks has been the build-out of insider threat teams,” Ritchken said. “These multidisciplinary teams cut across cyber, fraud, and AML/compliance and maintain a set of proactive monitoring tools and playbooks to take action when potential insider threats are identified.”
