AI Accelerates Cyber Crime and Expands the Human Attack Surface
As artificial intelligence reshapes financial services, it is also amplifying one of the industry’s greatest vulnerabilities: human behavior. Sarah Gosler, Wells Fargo’s head of cyber human defense, says the rapid evolution of AI has transformed cybersecurity into a universal responsibility that extends far beyond IT departments and security teams.
“In the ’90s, cyber was a government problem. In the 2000s, it was an IT problem. In the 2010s, it was a business problem. Now, it’s an everybody problem,” Gosler said in a recent interview.
Cyber crime is projected to impose $10.5 trillion in global losses this year, as AI lowers the barrier to entry for fraudsters and enables attacks at unprecedented scale. “Long gone are the days of the prince from a faraway land with a really bad grammatical email,” she added. Today’s threats include AI-generated phishing, voice impersonation, and deepfake videos that are far more convincing and difficult to detect.
Human Error Drives 95% of Successful Breaches
Gosler notes that 95% of successful cyber breaches involve human error, often triggered by psychological manipulation. Employees represent the largest attack surface of any bank, making the human element a critical component of cybersecurity programs.
“Humans effectively sit at the perimeter of any organization,” she said. “That’s where psychological manipulation becomes quite interesting.”
This shift has increased the importance of cyber human defense — a discipline focused on educating, training, and preparing employees to recognize and respond to threats.
Inside Wells Fargo’s Cyber Human Defense Strategy
Gosler’s role spans several key pillars:
- Awareness and Training: Making cybersecurity education clear, engaging, and accessible — not overly technical.
- Social Engineering Protection: Helping employees detect phishing, voice phishing, and AI-generated deepfakes.
- Cyber Simulations and War Gaming: Immersive “safe-to-fail” environments modeled after military exercises, designed to pressure-test executives during realistic cyberattack scenarios.
- Client Advisory and Public Education: Extending cyber safety guidance to clients and consumers.
“We want executives making decisions in real time during realistic scenarios,” she said. “You want to know what you’re doing in a safe-to-fail environment, not during an actual incident.”
AI Used for Defense as Well as Attack
AI is not just a threat — it’s also a powerful defensive tool. Wells Fargo uses AI for automated perimeter scanning, faster incident detection, and enhanced cyber simulations.
Gosler has also used AI creatively to make training more compelling. For Cyber Awareness Month, she designed a fictional “cyber agency” program and used AI to draft a spy-novel-style field operations guide, later refined by her team.
“I’m a creative person, but AI helped build that world much faster,” she said.
Avoiding Security Fatigue
Preventing employee burnout is essential, Gosler emphasized. Cyber education must feel empowering, not punitive.
“Cyber shouldn’t be about a ‘gotcha’ moment,” she said. “It’s about meeting people where they are and helping them protect themselves — at work and at home.”
As AI makes threats more personal and more sophisticated, financial institutions must ensure their people—not just their technology—are ready to defend against the next generation of attacks.