• ESMA warns AI is accelerating speed and scale of cyberattacks
• Regulator assessing financial firms’ cyber defenses amid rising risks
• Geopolitical tensions increase likelihood of targeted cyber threats
• Concerns grow over third party technology providers and systemic risk
• High market valuations seen as vulnerable to sudden selloffs
• Regulators preparing for stricter oversight of crypto and market activity

The chair of the European Securities and Markets Authority has warned that cyber risks facing financial institutions are intensifying, driven by rapid advances in artificial intelligence and rising geopolitical tensions.

Speaking in Paris, Verena Ross said regulators are increasingly concerned that AI technologies could dramatically accelerate the speed at which cyberattacks are launched and executed, posing new challenges for banks, asset managers and market infrastructure providers.

“We are closely watching how bringing AI models into this could increase the potential speed with which such attacks could happen,” Ross said, underscoring the urgency with which supervisors are now approaching the issue.

Her comments come amid growing alarm within the financial sector following reports that new AI systems are capable of identifying and exploiting previously unknown vulnerabilities in IT environments.

The emergence of such tools has heightened concerns that cyber threats may become more sophisticated and harder to detect.

Ross said the regulator has already been engaging directly with the financial entities it supervises to assess their cyber defenses in light of these developments.

The effort reflects a broader push across Europe to ensure institutions are resilient against a new generation of technology-driven threats.

Geopolitical tensions have further compounded the risks, she noted, creating a volatile backdrop in which cyberattacks could be deployed more aggressively or strategically.

“We collectively between the national and the EU level need to up our game,” Ross said. “We need to ensure that we have the capability to properly look at what financial entities are doing in this space and that we also build up our expertise so that we can oversee the critical third party providers.”

The issue of third-party risk has become increasingly prominent as financial institutions rely more heavily on external technology providers.

Under new European regulations aimed at strengthening operational resilience, a group of major technology firms has already been designated as critical providers to the financial system.

While Ross declined to say whether artificial intelligence companies could be added to that list, the possibility reflects growing recognition that AI vendors may become systemically important to financial stability.

Beyond cybersecurity, Ross highlighted concerns about broader market vulnerabilities. Elevated asset valuations across global markets, combined with geopolitical shocks, could create conditions for sudden and sharp corrections.

“We are still looking very carefully at how the markets are reacting in terms of the overall valuations, which are still very, very high,” she said. “There is a question of what type of events might turn that general positive feeling in the market around and might lead to quite some selloff.”

Recent volatility, including sharp movements in oil prices linked to geopolitical conflict, has already unsettled investors.

Such conditions typically trigger heightened regulatory scrutiny, particularly where unusual trading patterns may indicate potential market abuse.

“Whenever you see very volatile markets that are driven by news and things like that, it’s an area that you automatically spend some attention and look at carefully,” Ross said.

The regulatory agenda is also shifting in the rapidly evolving crypto sector.

National authorities across the European Union have set a deadline for crypto firms to obtain licenses or cease operations, raising questions about enforcement once that deadline passes.

“One of the challenges we will face from the first of July onwards is how do we then deal with the policing of the perimeter,” Ross said, pointing to the difficulty of ensuring compliance across a fragmented regulatory landscape.

At the same time, proposals are being considered to expand ESMA’s supervisory powers over major cross-border market participants, including large trading platforms and crypto firms.

While supported by several of the EU’s largest economies, the plans have faced resistance from some member states concerned about centralization.

“My impression is that there is indeed a political ambition now to try to move forward quickly,” Ross said.