As cyber threats grow more complex, banks must rethink what resilience really means. Here are five key insights from a recent Nordic discussion featuring experts from Samlink, Nordea, and Kyndryl, and what every banking professional should be thinking about in 2025.
Cybersecurity and operational resilience have moved from technical checklists to boardroom priorities. In the fast-evolving Nordic banking ecosystem, the conversation is no longer about if your systems are secure. It’s about how quickly you can respond when they’re not.
At a recent 180-minute breakfast seminar hosted by Samlink, leaders from across the region gathered to address the rising threat of cyber fraud and explore what resilience really means going forward. Pål Krogdahl opened the session with a sharp reminder: the landscape has changed, and financial institutions need to catch up fast.
Here are five things every banker should have on their radar this year:
1. Most Fraud Is Carried Out by the Customer Herself — Understand Social Engineering
According to Sara Helin from Nordea, fraud has become deeply behavioural. Most cases are now customer-initiated, often manipulated by criminals who build trust before striking.
Today’s social engineers don’t rely on sloppy phishing emails. They use patience, psychology, and AI-driven tools to create believable scenarios that bypass firewalls and logic.
2. AI-Driven Attacks Are Already Here — And They’re Getting Smarter
NFC malware, voice clones, and deepfakes are no longer experimental. These tools are being used right now. And as Helin pointed out, the next generation of fraud will leave almost no trace.
Expect highly personalised, AI-generated attacks that mimic not only behaviour but entire digital identities. The attacker might not even be a person.
3. Being Compliant Doesn’t Mean You’re Resilient
“DORA done? Not quite,” said Jørgen Floes from Kyndryl. Being compliant with regulation isn’t enough, especially in digitally mature markets like the Nordics.
Resilience today isn’t about checking boxes. It’s about building the capability to detect, respond, and recover quickly. Digital maturity without real-time response muscle creates a dangerous gap.
“Being compliant doesn’t mean being ready.” – Jörgen Floes, Kyndryl
4. SEPA Instant Is Coming — And Fraud Will Move Just as Fast
The arrival of SEPA Instant means real-time payments are going mainstream. That’s good news for customers, but also for fraudsters. The panel agreed: fraud cycles are already accelerating, and most legacy systems weren’t built to keep up.
If your fraud response is still based on daily review cycles, you’re already behind.
5. Quantum Is No Longer Hype — But Regulation Hasn’t Caught Up
Quantum encryption is coming faster than expected, but regulation and preparation in the financial sector are lagging behind. That’s a serious blind spot.
The panel raised an uncomfortable but important question: “What happens when criminals get access before we do?” Banks that wait too long to act may find themselves exposed while others, including bad actors, are already ahead.
Final Thought
Cyber fraud is no longer a niche concern. It’s the battleground where behaviour, technology, and regulation collide. As Pål Krogdahl summed up, resilience now means rethinking more than just systems. It means rethinking trust models, operating speed, and how fast you can recover.
If you’re in banking, the question is no longer “Are we protected?”
The real one is: Are we ready for what’s next?