Part 2: Social Engineering and Cyber Threats: The Return of the Human Factor

Social Engineering and Cyber Threats: The Return of the Human Factor

Cyber threats against the financial sector have become increasingly human. AI-generated scams, advanced social manipulation, and deepfakes are redefining the risk landscape, making employees themselves the final line of defense. Meeting these threats requires more than technology — it demands education, culture, courage, and insightful leadership. These are the key takeaways from recent analyses by Bankgirot, Secify, and Integrity360.

This article is part two of the series Finance in Transition, where we explore how AI, cybersecurity, and cloud technology are shaping the financial ecosystem of the future.

AI-generated crimes are growing rapidly. Cybercriminals now use generative AI to create voices, images, and texts that are almost indistinguishable from real colleagues or customers. Deepfakes and cloned voices are being deployed to trick employees into approving transactions, sharing sensitive information, or bypassing internal security protocols. The most sophisticated attacks are hyper-personalized and extremely difficult to detect, even for trained professionals.

Global cybersecurity reports confirm that AI-supported social engineering has become the dominant threat. Phishing emails are now tailor-made by AI to mimic internal communication, while insider threats are increasing as work becomes more digital and decentralized. To keep pace, financial institutions must continuously update detection systems to recognize AI-generated manipulation and emerging ways of evading technical safeguards.

The Human Element: Weakness and Strength

Research shows that eight out of ten financial breaches stem from human error, stress, or misplaced sense of duty — and that hybrid work models have significantly expanded the attack surface. Yet the human factor is also proving to be the strongest defense.

Modern banks are investing in gamified training and realistic simulations where employees practice identifying manipulation attempts and responding under pressure. Through interactive exercises, staff gain the confidence and intuition needed to act decisively when threats appear.

Leadership and culture play a critical role. Banks that engage all employees and embed security awareness across the organization report significantly lower incident rates and stronger digital resilience.

The NIS2 Directive and What Comes Next

The EU’s new NIS2 directive introduces far stricter requirements for risk management, incident reporting, and security culture within critical sectors such as finance. Reports from Bankgirot and Secify highlight that many banks see NIS2 as a turning point — a shift that elevates cybersecurity from a technical issue to a strategic business priority.

Implementation still varies widely across institutions. Those furthest ahead have made training, simulations, and scenario-based testing a core part of their ongoing development programs.

The Future of Cybersecurity: Collaboration and Digital Resilience

Tomorrow’s cybersecurity demands a multifactor approach where technology, people, and leadership work hand in hand. Automated AI tools can detect anomalies, but it is human judgment that prevents most breaches.

A key success factor is building a culture of openness around incident reporting and information sharing — without blame or fear. When employees feel safe and accountable, they act faster, which can be crucial in containing an attack.

Cybersecurity has become a business-critical issue. Protecting customer trust and organizational value is now as much about relationships as it is about data. True digital resilience begins with aware, empowered, and courageous people.

Checklist: Building Digital Resilience in Practice

  • Train regularly. Introduce ongoing exercises and simulated attacks to help employees recognize manipulation before it’s too late.
  • Make security culture inclusive. Treat cybersecurity as a natural part of daily work — not just an IT concern.
  • Strengthen technology, but trust people. Automated AI tools are essential, but human judgment still prevents most breaches.
  • Foster confidence in reporting. Encourage quick reporting of incidents without blame or fear.
  • Connect security to business. View cybersecurity as a strategic matter of trust, brand, and customer relationships — not just risk management.

ChatGPT sade:

Read the next article in the series: Platformisation and Digital Resilience – Business Strategy on Cloud Terms

Work at HiQ

Get in touch!

Choose your nearest office, looking forward to hear from you!

Read more articles here

insight Atlassian Rovo: AI as the Hub of Future Collaboration
insight Part 3: Platformisation and Digital Resilience: Business Strategy on Cloud Terms
insight Part 1: AI and the Competence Shift: Ready for the Next Big Leap?
insight Windows 10 Support Ends – How It Affects Businesses and What You Need to Do Now
insight Meet Laura Vantellini, HiQ’s new Managing Director in Germany 
insight Digitalization, AI and the Future of Sweden – A Conversation with Minister for Civil Affairs Erik Slottner
insight Customer data is the new gold – and hackers are already digging
insight Quantum Computers and Cybersecurity – From Future Threat to Strategic Reality
insight New Report Shows How We Use ChatGPT: Like Buying an iPhone and Only Using the Flashlight
insight From Crisis to Insight: Building a More Secure Digital Public Sector
insight The Cyber Landscape 2020–2025: From Pandemic Shock to AI-Driven Threats
insight AI sets a new standard for banks’ fraud prevention
insight When Nature Strikes: How AI Can Protect the Energy System from the Next Crisis
insight AI makes Jira the developer’s new assistant
insight Only Five Percent Succeed with AI – How to Avoid Being Among the Losers
insight From Frozen Firmware to Adaptive Intelligence: Embedded Software Is Changing the Game
insight Edge AI: Intelligence Moving into the Systems
insight Digital Resilience – The Next Competitive Advantage
insight From Docker to Kubernetes – The Story of How We Build the Next Generation of Digital Ecosystems
insight The 11 Hottest AI Agents of 2025 – and How They’re Already Transforming Business
insight AI Experiences from a Developer’s Everyday Life – How to Use AI for Coding
insight From Data to Agency: Navigating the AI Maturity Path to Agentic Systems
insight What Does “Developer Experience” Really Mean – and Why Should the Business Side Care?
insight The Future of Development: What State of Software 2025 Reveals About Tomorrow’s Tech Roles
insight From Model Year to Always Up-to-Date – How Software Is Redefining the Car’s Lifecycle
insight AI in the Power Grid – From Vision to Real-World Application
insight Efficiency Without Shortcuts – How to Get More Out of Every Step in the Development Cycle
insight Interview with Ashkan Fardost: Why We Must Understand Technology as Something Deeply Human
insight Towards a Data-Driven Future: Falu Energi & Vatten’s Strategic Journey
insight Confident in Swedish – A Language Initiative that Builds Courage and Connection
insight Java on Cloud Terms – Best Practices for AWS, Azure, and GCP
insight Building a Tech Industry Where Everyone Feels at Home
insight Spring Boot, Quarkus or Micronaut? Your Guide Through the Java Framework Jungle
insight AI – The Manufacturing Industry’s Shield Against the New Reality of Trade Tariffs?
insight How to Build Change-Resilient Teams – with Annika R Malmberg on Tech Royale
insight Vibecoding vs. DevOps: The Future of Software Development in the AI Era?  
insight From Threads to Thousands – How Virtual Threads Are Transforming Java Development
insight How Companies Can Implement the POUR Principles in Their Digital Strategy Ahead of the EAA
insight Everything You Need to Know About Digital Accessibility Before June 2025
insight How Young Professionals Can Prepare for the Future of DevOps
insight Why CxOs Should Care About the Future of DevOps
insight The Trends Shaping DevOps in 2025
insight “We Must Prepare for an Increasingly Complex Threat Landscape”
insight DeepSeek and the AI Arms Race – What Does It Mean for Sweden?
insight Unlearning for DevOps Teams: A Key Skill for the Future
insight DevOps and AI: Building Systems That Learn and Adapt
insight Insights on Leadership and Partnerships in Tech with Simona Bamerlind
insight How to Lead a Tech-Forward Organization – Insights from Ledarlabbet
insight Understanding CRA: A Path to Competitive Advantage
insight Figma’s Dev Mode: A Hands-on Guide
insight Exploring AI, Cybersecurity, and the Future of Intelligence with Staffan Truvé
insight How to Avoid Common AI Project Pitfalls
insight Cybersecurity in Focus This October: How We Can Create a Safer Digital Society
insight Understanding PSD3 and PSR: Why They Matter and What You Need to Know
insight Open Banking and the API Economy: Drivers of New Innovation in Finance
insight The Swedish Financial Infrastructure from a Tech Perspective
insight Five Keys to IT and Tech-Driven Innovation – Insights from Radar Talk
insight The Rise of Autonomous Vehicles: Revolutionizing Transportation
insight AI and Sustainability: Opportunities, Challenges, and the Way Forward
insight AI – From Data to Business Decisions 
insight How HiQ Helps You and Your Business
insight What Happens if Your Software Fails?
insight Skip Projects & Pi in Software Development
insight Four Expert Tips on Business Value with GAI
insight How well do we really understand children’s digital preferences?
insight Mastering Industrial IoT
insight NIS2 – Not Just for Critical Functions
insight Navigating the AI Revolution
insight Unlocking Your Data Goldmine
insight AI Adoption in Nordic Energy and Manufacturing
insight Emerging AI Infrastructure
insight The Nordic AI Race