Something went wrong. The page is temporarily unavailable.
Private persons
Business
Private Banking
Commercial Banking
All websites
    Contact
    Login Login Login Login Login Login
    Join us Login Login Login Login Login Login

    AI: from abusive practices to protective measures

    Reading time: 4 minutes 05-05-2026 – 14:39

    As fraud becomes more sophisticated, so must our defence strategy. Modern fraud sounds trustworthy, writes flawlessly and sounds human, and that makes it all the more dangerous. Artificial intelligence (AI) may have created the problem, but it also makes the solution scalable. Companies that use AI to monitor human behaviour, identity and context are a vital link in the digital economy.

    Steven Vermander, Megatrends Expert & Portfolio Manager at KBC Asset Management

    A new kind of fraud is regularly making headlines. Classic phishing e-mails with spelling errors or poor grammar are a thing of the past; modern fraud is almost indistinguishable from the real thing. Things have gotten serious.

    Earlier this year, for example, the federal authorities warned of scammers who used AI to mimic King Philippe’s voice and even his image in order to persuade victims, in a very subtle way, to transfer money. Other cases involved faking the identity of Flemish celebrities and news anchors in authentic-looking videos to make fake investment platforms appear credible, or investing tips sent via WhatsApp that take advantage of peer pressure and FOMO ('Fear Of Missing Out') to get victims to deposit large sums.

    Public institutions and banks are increasingly used as bait in these scams. For example, you may receive a phone call, allegedly from your bank, asking you to block a suspicious transaction (ed. always use the ‘Check who’s there’ button in KBC Mobile if this happens), or fake e-mails from mypension.be following a notification saying that official information regarding your pension will be temporarily removed from the site. Cybercriminals eagerly exploit current events to lure you into their trap.

    ‘Fraud has become hyper-realistic and emotionally persuasive, marking a turning point not only for the way we protect ourselves online, but also for how businesses, governments and investors need to approach cybersecurity.'

    Steven Vermander, Megatrends Expert & Portfolio Manager at KBC Asset Management

    Companies are also targeted. Employees receive urgent phone calls that seem to come from the CEO or CFO, with a credible-sounding voice on the line that is actually AI-generated. Recently, an Antwerp hospital had to shut down its servers due to a cyber attack, leading to cancelled surgeries and reduced services. This incident illustrates how weaknesses in the supply chain (external software) can provide an opening for an attack.

    Cybercrime is also becoming more professional. Data theft and social engineering (such as phishing, vishing, and deepfake audio/video) are evolving into a marketplace with data and access brokers, and ‘crime-as-a-service’ is growing more common. AI is taking the persuasiveness of these scams to a whole new level. 

    This type of fraud no longer exploits people’s ignorance, but their trust, using recognisable voices, familiar faces, or trusted authority figures. This is exactly what makes these attacks so dangerous: such incidents are much more convincing and therefore capable of greater harm.

    ‘By no means are all those who fall for these scams simple-minded and naive. After all, the newest tactics are designed to bypass rational thinking, relying on time pressure, authority and seemingly personal details. Anyone can be vulnerable at the wrong moment.’

    Steven Vermander, Megatrends Expert & Portfolio Manager at KBC Asset Management

    AI as part of the solution

    This reality has an important counterbalance: while artificial intelligence can be abused, it can also be used for protection, and that applies to companies and organisations as well.
    A Security Operations Centre (SOC) is an organisation’s (physical or virtual) cybersecurity command centre. This is where cyber threats are monitored, analysed and managed 24/7. SOCs are responsible for:
    • Monitoring: continuous monitoring of IT systems, networks, cloud environments and endpoints
    • Detection: identifying suspicious activities and cyberattacks
    • Analysis: estimating the severity of incidents
    • Response: taking swift action to limit damage (isolating, blocking, recovering)
    • Reporting and improvement: learning from incidents and enhancing security measures

    ‘In a world of AI-driven attacks, using AI to defend ourselves is not a luxury but a structural necessity.’

    Steven Vermander, Megatrends Expert & Portfolio Manager at KBC Asset Management

    SOCs are evolving from human incident response teams to AI-driven, partly autonomous defence platforms. As such, they offer many advantages:
    • Speed and scale: AI can analyse millions of signals at once (something that is impossible for humans), allowing suspicious patterns to be identified more quickly, often before any actual damage occurs.
    • Behavioural recognition: instead of following fixed rules, AI learns what is considered ‘normal’ behaviour within an organisation or for a user. Any deviations, however subtle, are detected more quickly.
    • Less human error: AI filters out noise and helps you focus on what really matters, reducing the risk of crucial signals being lost in the abundance of information.
    • AI can act independently: in modern SOCs AI is permitted, albeit under strict conditions, to carry out actions on its own, such as isolating a device from the network, temporarily blocking an account or terminating a malicious connection. These are crucial actions in cases involving ransomware or data theft, where every minute counts.
    • Continuous improvement: after every incident, AI learns what went right. It adapts its models, thereby reducing future false positives, transforming cybersecurity into an adaptive, self-learning system, with the SOC becoming smarter after every attack.

    In other words: AI makes cybersecurity more proactive and consistent, and less dependent on scarce human expertise. And that is exactly what is needed right now, with attacks escalating in terms of both speed and sophistication.

    The legal framework for cybersecurity in Belgium

    It is notable that cyber risks increasingly intersect with other major themes that we focus on, such as geopolitics, energy supply, supply chains and even democratic processes, with digital sabotage being used to create social unrest and influence decision-making.

    The European NIS2 Directive (Network and Information Security Directive 2) aims to enhance Europe’s digital resilience against cyberattacks, IT failures and digital disruption. Consequently, cybersecurity has become a continuous and structural responsibility at management and board level.

    For most companies, this means:
    • Continuous monitoring of digital risks
    • Mandatory incident reporting
    • Demonstrable preventive measures
    • Attention to the entire digital chain, including suppliers

    ‘Cybersecurity is shifting from an operational cost to a strategic governance issue. Organisations that fail to invest consistently are not only exposed to operational risks, but also to legal and reputational risks.’

    Steven Vermander, Megatrends Expert & Portfolio Manager at KBC Asset Management

    Cyber resilience: living with the inevitable

    Despite all these precautions and security, there is no such thing as 100% cybersecurity. The real question is: how quickly and how effectively can an organisation respond when things go wrong? This shifts the focus from pure prevention to cyber resilience, which relies upon a certain number of minimum conditions being met:

    • Clear crisis procedures
    • Segmented IT environments
    • Continuous backups
    • And last but not least: employee awareness

    Belgian studies show that almost half of Flemish companies have now experienced a cyber incident, and that human error still plays a crucial role in this regard. In addition to a sophisticated cyber strategy and ecosystem, aspects such as awareness, information sharing, internal communication campaigns and staff training are not optional luxuries.

    ‘Cybersecurity is not a product you simply buy and forget about – it’s a discipline designed to prevent major damage, both in your personal life and in a professional context.’

    Steven Vermander, Megatrends Expert & Portfolio Manager at KBC Asset Management

    Artificial intelligence is not only radically changing the nature of cyber fraud, the same technology also enables sophisticated defence systems, on a large scale and with lasting efficiency. Furthermore, cybersecurity has become a strategic focus at board level, due in part to regulations, which firmly embed digital resilience in law.

    Want to know more about cybersecurity?

    Check out the webpages of Secure4u, KBC's fraud service.
    If you want to protect your company against cybercriminals and data breaches, KBC Cyber Insurance will give you all the protection you need.

    KBC Cyber Insurance

    Disclaimer:
    Unless expressly stated otherwise, all the information you consult or obtain here has a non-binding and purely informative value. It is updated to the best of our ability and at regular intervals. However, KBC Bank NV gives no guarantees as to the timeliness, accuracy, correctness, completeness or suitability for a particular purpose of this information. The information provided here does not constitute advice or an offer to sell products or services and is not intended for commercial use. You remain fully responsible for the consequences of the use you make of this information. The intellectual property rights to the information, publications and data provided here belong to KBC Bank NV or third parties and you must refrain from any infringement thereof. Except with the express prior and written consent of KBC Bank NV, any transfer, sale, distribution or reproduction of this information is prohibited.