Webster Bank is deploying AI to counter cyberattacks and using caution when working with vendors to ensure the security of its systems.
Any bank working with fintechs must be careful when opening up their ecosystem to outsiders, Vikram Nafde, executive vice president and chief information officer at the $78 billion bank, told Bank Automation News. “Your company may not be directly exposed, but if a vendor is under attack, that makes you vulnerable as well.”
Banks need to ensure that “the third parties they work with have great cybersecurity and assurance programs, so that the data that they have there is safe and secure,” Nafde said, adding that banks also need to ensure that they are only sharing specific information with their vendors.

The following cyber-breaches occurred due to third-party vulnerabilities:
- In 2024, the $2.5 trillion Bank of America reported in May that its cloud provider, Infosys McCamish Solutions, suffered a data breach in which the $2.5 trillion bank lost sensitive information of 57,000 customers; and
- The $1.6 billion Evolve Bank and Trust reported that it suffered a data breach in late May from cyber-criminal organization Lockbit, which downloaded sensitive customer information, according to an Aug. 6 release.
- Card issuer American Express notified cardholders in March 2024 that their personal information may have been compromised due to an unknown merchant processor being hacked.
Ensuring security while working with fintechs usually comes as an added cost to banks, and they can become lax about putting necessary security controls in place, Nafde said.
FIs especially need high-risk controls, Patty Voight, chief information and security officer and technology risk management at the bank, told BAN, adding that an attack on one bank can make others vulnerable also.
“When you think about it, all it takes is one time” for an attacker to be successful, while the bank has to be successful every single time in defense, Voight said. Cybercriminals are not independent; “they work together, share information on the dark web.”
Rising threat
Only 11% of executives were confident in their institutions’ ability to deal with the rising threat of cyberattacks, according to the Stamford, Conn.-based Webster Bank’s survey of 150 C-level executives released earlier this year.
“The more digital it is, the more exposed to the world you are, and it is easier for cyberattacks and cyber criminals to expose your vulnerabilities,” Nafde said.
“Cyberattacks are becoming more sophisticated and faster on the bad actor side,” Nafde said. It’s not just digital attacks on operating systems but cyber attacks targeted towards humans who work at various organizations through impersonation and synthetic IDs, among other tricks, he added.
“We really need to do a great job constantly of educating and training and putting all layers of controls in place so that our most important asset, which is our human asset, are not exploited,” Nafde said.
Use of AI and cloud
Webster bank is deploying AI in a controlled and ethical manner, Voight said.
“AI and machine learning allow us to scan through large volumes of data” to find vulnerabilities and anomalies in the system, Voight said, adding that the bank continuously scans its systems to identify weak points.
Moving operations to the cloud has been helpful to improve cybersecurity, Nafde said, adding that it gives the bank better security controls than keeping data and applications on premises.
“If we don’t have our own data centers then we don’t have to constantly manage security and do necessary patching” of the systems, Nafde said. “You also get lots of other opportunities to tailor the controls.”
The bank is in the process of moving most of its operations and data to the cloud and has opted for a multi-cloud strategy, Nafde said, adding that Microsoft Azure is its main cloud provider.






