Introduction
On October 6, 2025, the G7 Cyber Expert Group (CEG)—operating under the coordination of HM Treasury and co-chaired by the Bank of England and the US Department of the Treasury—issued a major statement on the risks, resilience, and opportunities presented by artificial intelligence (AI) in the sphere of global finance. To understand the significance of this development, it is essential to appreciate the CEG’s origins, mandate, expert makeup, and the evolving political and technological landscape that shaped this high-profile intervention.
Historical Origins: G7 and Cybersecurity
The roots of G7 cybersecurity engagement date to the 1990s, with early declarations and initiatives against cybercrime, such as the Ottawa Declaration (1997), the High-Tech Crime Subgroup, and the G7 24/7 Cybercrime Network (1998). These efforts were catalyzed into a cohesive, sector-specific forum with the formation of the G7 Cyber Expert Group in 2015 under Germany’s presidency. The CEG was envisioned as a long-term, high-level working group dedicated to advancing cybersecurity policy and cross-border operational resilience in the financial sector, where digital innovation and systemic risk are most tightly interwoven.
Representatives from G7 nations’ finance ministries, central banks, and supervisory bodies came together as the CEG to coordinate incident response, information sharing, and the development of international standards. Since its inception, the Group has published a series of “Fundamental Elements” guidelines addressing third-party cyber risk, ransomware, and resilience, and has coordinated both annual incident response workshops and large-scale cross-border crisis exercises.
Expert Composition and Functioning
The CEG’s expertise spans policy, regulation, and technical cybersecurity. Its membership comprises:
- Senior officials and technical advisors from the central banks, finance ministries, and supervisory authorities of all G7 countries (US, UK, Canada, France, Germany, Italy, Japan) and the European Union.
- Co-chairs: Bank of England (UK) and the US Department of the Treasury, providing continuity and leadership from both principal Western economies.
- Frequent engagement with financial sector CISOs, academic experts, and large technology vendors, resulting in a uniquely broad, multidisciplinary approach.
The CEG undertakes recurring workstreams—such as annual response exercises—and ad hoc studies on urgent topics, producing guidance referenced internationally in financial sector policy and regulation. Notably, in April 2024 the group coordinated one of the largest cross-border financial sector cyber crisis simulations to date, involving 23 authorities and setting a global benchmark for practical readiness.
The 2025 Statement: AI and Cybersecurity Risks
The new statement on Artificial Intelligence and Cybersecurity, published October 6, 2025, does not impose binding rules but sets out a best practice framework for both governments and financial organizations worldwide. Key recommendations include:
- Encouraging integration of AI-specific risks into enterprise risk management frameworks.
- Reinforcing data governance and ensuring “secure-by-design” AI system development.
- Enhancing internal skills and fostering cross-sector collaboration with academia and industry.
- Updating incident response plans and playbooks to recognize AI-driven and AI-targeted threats.
- Promoting transparency regarding data lineage and protection against data poisoning or manipulation.
- Ensuring robust monitoring, authentication, and anomaly detection to address impersonation, deepfakes, and novel fraud vectors introduced by generative and agentic AI.
This approach reflects awareness that AI’s potential to enhance operational resilience and risk management is paralleled by new exposures, particularly as criminals and nation-state actors become adept at exploiting machine learning for more scalable, sophisticated attacks.
Political, Regulatory, and Strategic Analysis
Leadership in Digital Governance
The G7—a group of advanced, democratic economies—uses the CEG and statements like the 2025 AI declaration as vehicles for global leadership, aiming to set open, rights-based standards in digital finance and technology. By prioritizing consultation and voluntary standards, the G7 approach stands as an alternative to the more centralized, state-driven cyber governance models promoted by some other major nations.
Balancing Innovation and Security
The CEG’s choice to focus on best practices—rather than direct regulation—aims to balance the dual policy imperatives of fostering rapid, competitive innovation while protecting global financial system stability. Policymakers and regulators are thus encouraged to:
- Harmonize regulatory efforts internationally.
- Promote flexibility and continuous dialogue with industry and academia.
- Avoid heavy-handed rules that could unintentionally stifle AI’s economic or security benefits.
Economic Stability and Systemic Financial Risk
Acknowledging that a major AI-facilitated cyberattack on core financial infrastructure could trigger severe economic fallout, the G7 statement contains urgent reminders that oversight models must evolve in tandem with AI complexity. The group’s repeated crisis simulations, exercises, and incident response workshops are designed to foster “herd immunity,” ensuring that single points of failure cannot rapidly cascade throughout the global banking system.
Global Norms and Geopolitics
The CEG’s AI guidance is significant beyond the G7: the group’s recommendations are closely watched and often referenced by regulators in non-G7 economies. This “soft power” in global norm-setting helps cement the G7’s influence in how digital financial markets are governed, promoting systemic transparency, data privacy, and international incident response coordination—a power play in ongoing geopolitical contestation over the direction of global digital order.
The Road Ahead: Implications for Policy and Practice
For financial sector leaders, the G7’s statement reinforces that AI-related risks cannot be treated as “future” issues. Instead, they demand:
- Immediate prioritization in cyber governance frameworks.
- Collaboration with national authorities, academia, and technology suppliers.
- Ongoing investment in workforce AI-cybersecurity expertise.
- Regular review and testing of crisis response plans—both within organizations and across national borders.
Beyond compliance, organizations are encouraged to engage in research, policy partnerships, and sector-wide lessons-learned sharing, ensuring that both benefits and hazards of AI are managed collectively rather than in isolation.
Conclusion
The G7 Cyber Expert Group’s 2025 focus on AI and cybersecurity stands at the intersection of technology, policy, economics, and international relations. While not regulation, its deeply consultative approach aims to cement best practices, build resilience, and ensure the open financial systems of the future combine innovation with robust, democratic safeguards.
As systemic cyber risks escalate and AI’s impact broadens, the G7 CEG’s mix of strategic foresight, technical expertise, and cross-sector collaboration offers an adaptive, globally relevant blueprint for managing the complex cyber risk landscape of the next decade.
References
- GOV.UK. “G7 cyber expert group statement on Artificial Intelligence and Cybersecurity: September 2025.” https://www.gov.uk/government/publications/g7-cyber-expert-group-statement-on-ai-and-cybersecurity/g7-cyber-expert-group-statement-on-artificial-intelligence-and-cybersecurity-september-2025
- US Treasury. “[PDF] G7 Cyber Expert Group Statement on Artificial Intelligence and Cybersecurity, September 2025.” https://home.treasury.gov/system/files/136/G7-Cyber-Expert-Group-Statement-AI-and-Cybersecurity-2025.pdf
- Deutsche Bundesbank. “G7 Cyber Expert Group.” https://www.bundesbank.de/en/tasks/financial-and-monetary-system/international-cooperation/g7/g7-cyber-expert-group–959194
- SOCRadar. “G7: Cybersecurity Reflections.” https://socradar.io/g7-cybersecurity-reflections/
- US Department of the Treasury. “G7 Cyber Expert Group.” https://home.treasury.gov/policy-issues/international/g-7-and-g-20/g7-cyber-expert-group
- FinancialRegNews. “G7 Cyber Expert Group highlights cybersecurity risks from quantum computing.” https://financialregnews.com/g7-cyber-group-quantum-computing-warning-finance
- GOV.UK. “G7 Cyber Expert Group – GOV.UK.” https://www.gov.uk/government/collections/g7-cyber-expert-group
- ECB. “G7 Cyber Expert Group conducts cross-border coordination exercise in the financial sector.” https://www.ecb.europa.eu/press/pr/date/2024/html/ecb.pr240423~de1afe7ceb.en.html
- LinkedIn. “G7 Cyber Experts Group publishes AI and cyber security statement.” https://www.linkedin.com/posts/luke-vile_g7-cyber-expert-group-statement-ai-and-cybersecurity-activity-7374553008380211200-HdIl
- Regulation Tomorrow. “Managing AI-related cyber risks.” https://www.regulationtomorrow.com/eu/managing-ai-related-cyber-risks/
- Banca d’Italia. “Publication of the ‘G7 Cyber Expert Group Statement on Artificial Intelligence and Cybersecurity’.” https://www.bancaditalia.it/media/notizia/publication-of-the-g7-cyber-expert-group-statement-on-artificial-intelligence-and-cybersecurity/
- ABA Banking Journal. “G7 group issues document on AI benefits, risks to financial system.” https://bankingjournal.aba.com/2025/09/g7-group-issues-document-on-ai-benefits-risks-to-financial-system/
- DataGuidance. “International: G7 Cyber Expert Group publishes statement on AI and Cybersecurity.” https://www.dataguidance.com/news/international-g7-cyber-expert-group-publishes
- Istituto Affari Internazionali. “Technological Innovation and Cybersecurity: The Role of the G7.” https://www.iai.it/en/pubblicazioni/technological-innovation-and-cybersecurity-role-g7
- MLex. “G7 warns finance ministers, central banks of AI cyber risks, opportunities.” https://www.mlex.com/mlex/artificial-intelligence/articles/2396194/g7-warns-finance-ministers-central-banks-of-ai-cyber-risks-opportunities
Leave a comment