BIBM Seeks Guidance for Banks to Adopt AI-Based Security Measures

Only 11% of banks in Bangladesh are fully prepared in terms of IT infrastructure to adopt AI-powered cybersecurity solutions, while the remaining 89% are not yet fully ready, according to a report released today (22 October) by the Bangladesh Institute of Bank Management (BIBM).

Titled "Adoption of AI in Cybersecurity Management of Banks: Bangladesh Perspective," the report outlines the current state of preparedness among banks for integrating AI in cybersecurity systems.

It reveals that 69% of surveyed banks consider themselves partially prepared, meaning that while foundational systems and awareness are in place, substantial improvements are still needed.

Another 11% of banks described themselves as mostly prepared, indicating they are in the advanced stages of readiness but continue to face some technical or operational limitations.

Similarly, 11% of banks reported being fully prepared, demonstrating that a small group of institutions has developed mature IT infrastructures capable of effectively deploying AI-based cybersecurity tools. In contrast, 6% said they are poorly prepared, and 3% admitted to being not prepared at all.

Mohammad Ali, managing director of BIBM, said that top-tier banks have taken the lead in modernizing their IT infrastructure and are ready to adopt AI-driven cybersecurity solutions. Among them are BRAC Bank, City Bank, and Pubali Bank, which have made significant investments in technological development.

He noted that many banks are still preoccupied with recovering defaulted loans, especially those facing financial stress.

Such institutions, he said, are unlikely to prioritise investments in AI. Mid-level banks are also focused more on strengthening their financial positions before moving toward large-scale technology upgrades.

The report also revealed that the application of AI in disaster recovery (DR) planning for cybersecurity is almost entirely absent in the sector.

An overwhelming 95% of banks reported that they do not use AI in DR planning and continue to rely on manual or table-top exercises. Only 5% have begun exploring this application, making it a rare and highly experimental practice, per the report.

In terms of AI adoption in critical cybersecurity areas such as fraud detection, anomaly detection, and threat intelligence, the report found implementation remains limited.

A large portion of banks reported minimal or moderate use, suggesting most institutions are still in the early or trial phases of adopting AI in these areas.

Only a small number indicated high or extensive use of AI. A considerable portion also reported no adoption or uncertainty regarding AI integration in their systems.

The report concluded by noting that a lack of clear regulatory guidelines around AI and cybersecurity remains a key challenge, slowing progress and limiting the confidence of banks in scaling up AI deployment.