The House of Training, in partnership with the Luxembourg Bankers' Association - ABBL, Solvay Lifelong Learning and the Febelfin Academy, has developed an innovative certification, “Qualified Cybersecurity Professional in Finance.” Designed to equip participants with key skills for navigating the cybersecurity landscape, this programme features multiple training cycles focused on practical applications, risk management, and regulatory compliance.
In this interview, Ananda Kautz, Head of Innovation, Payments, and Sustainability and Member of the Management Board at ABBL, shares her insights into the cybersecurity challenges and opportunities facing Luxembourg’s banking sector in an era of digitalisation and artificial intelligence. She highlights the impact of recent EU regulations, such as the AI Act and the Digital Operational Resilience Act (DORA), emphasising the need for proactive strategies and continuous investment in cybersecurity talent to enhance resilience and foster innovation.
What are the cybersecurity challenges and opportunities for the Luxembourg banking sector in the context of digitalisation and artificial intelligence?
The Luxembourg banking sector, much like many other financial hubs, finds itself at a pivotal moment with the rise of digitalisation and the growing use of artificial intelligence (AI). While banks are adopting innovative technologies to stay competitive and meet evolving customer needs, they are also expected to deliver solutions that are resilient, reliable, and secure. Recent EU regulations such as the AI Act and the Digital Operational Resilience Act (DORA) are aimed at laying a regulatory framework for financial institutions on their journey to cybersecurity resilience and AI adoption.
However, recent events have shown that financial crime is a widespread issue, with criminals also leveraging innovation to their advantage. Digital transformation increases the vulnerability to cybersecurity threats as more systems, services, and devices become connected to the internet. AI-driven cyberattacks allow criminals to execute more sophisticated methods, making cybersecurity even more complex. Additionally, the increasing use of AI presents challenges in safeguarding personal and sensitive customer data.
Although the integration of AI brings significant cybersecurity challenges, it also creates opportunities to enhance security and drive innovation. By harnessing AI for advanced threat detection, collaborating with FinTechs, and adopting robust security frameworks, Luxembourg banks can shift cybersecurity from a mere compliance requirement to a competitive advantage.
In the end, cybersecurity is a race against time—one that can only be won through strong AI governance and continued investment in cybersecurity talent.
What is the current cybersecurity regulatory landscape, and which developments are planned at European and national level?
The cybersecurity regulatory landscape in the European Union (EU) has become increasingly robust, driven by the need to address ever-evolving cybersecurity threats. Several key regulations, directives, and initiatives have shaped the current framework. However, many financial institutions still rely on outdated IT infrastructures that were not designed to support modern digital solutions. Integrating these new technologies can be a complex, costly, and time-consuming process. Ensuring seamless interoperability between new and legacy systems is crucial to avoid operational disruptions and maintain consistent service delivery.
Financial institutions also face additional challenges, including an increased risk of cybersecurity threats, the need to comply with stricter regulations, managing the vast amount of data generated by digital tools, and addressing a growing skills gap in the sector. Tackling these issues requires a proactive approach: strategic investment, encouraging innovation while mitigating risks, and a comprehensive, forward-looking regulatory framework.
This is where DORA (Digital Operational Resilience Act) comes into play. As part of the EU's Digital Finance Package, DORA applies on 17 January 2025. It is designed specifically to bolster the operational resilience of the financial services sector against ICT-related risks, ensuring that banks, investment firms, and other financial institutions can continue operations even during severe cyber incidents.
Key provisions of DORA include:
- A standardised approach to ICT risk management across the EU.
- Mandatory incident reporting to relevant authorities.
- Oversight of critical third-party service providers.
- Regular threat-led penetration testing for certain financial institutions.
While many voices have been raised about the costs entailed by this new regulation, at ABBL level we are positive about DORA, as we believe that it will foster good investments. One should never forget that an attack or a breakdown in the system can have a direct impact on customers, and not doing everything possible to prevent this type of incident can cost the bank a lot more in the long run than doing it in the first place.