Financial services (FinServ) firms are key players in the global economy. Given the sensitive and high-value nature of the information they house and handle, it’s no surprise that these institutions are heavily regulated and frequently find themselves in the crosshairs of malicious actors. As a result, FinServ organizations have some of the largest cybersecurity budgets and most advanced defenses.
Thales conducted a focused analysis drawn from its global 2024 Data Threat Report survey, centered on security and IT management professionals working for FinServ organizations to better understand the challenges these entities face in a rapidly shifting threat landscape.
The report revealed that 39% of financial businesses have experienced a breach, which is 10 percentage points lower than the average across all industries (49%). The report also noted that the percentage of businesses experiencing breaches in the last year has dropped significantly, from 29% in 2021 to 14% in 2024.
Looking at FinServ firms’ top threats, ransomware remains prominent, with 18% saying they had suffered an attack. This figure is 10 percentage points lower than the general finding and a notable decrease of 17 percentage points since last year’s report. Despite this good news, ransomware response remains a hurdle: over the previous three years, fewer than 50% of those surveyed across all industries and company sizes said they had a formal ransomware plan in place.
Among FinServ respondents, human error was cited as the leading cause of cloud data breaches at 41% (10 points higher than the global figure). Exploitation of previously unknown vulnerabilities took second place, again 7 percentage points higher than the overall figure. A lack of multifactor authentication (MFA) on privileged accounts was another culprit at 10%, in this case 7 percentage points lower than average.
Cloud complexity is growing for end users, operators, and developers alike. Nearly two-thirds (64%) of FinServ respondents said it is more complex to secure data in the cloud than on-premises, compared to 55% of respondents overall. This is likely attributable to the proportion of financial services firms using multiple hyperscalers, which rose from 54% in 2022 to 73% in 2024, a 19 percentage point increase.
Operational complexity is another worrying factor, stemming from the number of security solutions and apps FinServ businesses use. For example, nearly half (49%) of those surveyed said they use five or more key management systems, which risks gaps in management and configuration that criminals can exploit. Each additional system is another place where key rotation, access policy and audit logging can drift out of line with the others.
However, banks and financial institutions have recognized the problems of increased operational complexity and are taking steps to consolidate their tech stacks. For instance, the proportion of FinServ businesses reporting 50 or more SaaS apps in use dropped significantly, from 32% two years ago to 24% now.
Ensuring adherence to security policies that align with a multitude of regulations and regulatory bodies will continue to be a challenge for financial services organizations. Industry standards such as PCI DSS and ISO 27001, and regional legislation such as the EU’s Digital Operational Resilience Act (DORA), are becoming ever more stringent and onerous. However, they seem to be having a salutary effect on FinServ organizations.
In the 2024 survey, among FinServ organizations that had failed a compliance audit in the last 12 months, 80% reported at least one breach in their history. In contrast, among those that passed all compliance audits, only 15% had a breach history, and just 3% had a breach in the last 12 months. While compliance with multiple regulations and regulators will remain a challenge for FinServ organizations, it clearly correlates with better security outcomes (a correlation rather than proof of cause: organizations mature enough to pass every audit are likely also stronger across the board).
When asked about emerging concerns, quantum computing threats unsurprisingly came up. The prospect that a cryptographically relevant quantum computer could break today’s public-key algorithms (RSA and elliptic-curve cryptography), combined with "harvest now, decrypt later" (HNDL) attacks, in which adversaries record encrypted traffic today in order to decrypt it once such a machine exists, has seen interest in post-quantum cryptography (PQC) soar (72% in the financial services sector vs. 68% overall).
Among financial services respondents who cited this threat, 30% indicated plans to develop resilience contingency strategies, while almost half (48%) plan to prototype or assess PQC algorithms within the next 18 to 24 months. While FinServ firms are only slightly more concerned about HNDL attacks than respondents overall, they are far more proactive in exploring solutions. Because HNDL means data captured today is already at risk, the practical first step is a cryptographic inventory: knowing which long-lived secrets and which TLS, VPN and key-exchange deployments depend on RSA or ECC, since those are what a PQC migration has to replace.
The report also revealed that AI adoption is rising in FinServ companies. Some 27% of these respondents plan to integrate AI into their core products and services over the next year, 5 percentage points higher than the average. However, only 18% of FinServ respondents said they are experimenting with AI, compared to 33% of global businesses. This likely reflects many being a step ahead and already in the integration phase.
Focusing on GenAI adoption specifically, 71% report they are in the integration or enablement stages of production deployment, beyond the experimentation and exploration phases. Concerns do arise, however, with 73% of surveyed organizations saying that rapid changes challenge their existing GenAI plans.
These emerging threats and technologies highlight how managing the risks of today’s fast-changing environment is their greatest worry: 73% named ecosystem and operational change as their top concern.
The survey also noted a marked shift in how access control is managed and by whom. Over two-fifths (43%) of financial services businesses agree that organizations should retain control of access security themselves, indicating that data sovereignty is a pressing topic among FinServ organizations. Relatedly, 32% of respondents said access security solutions should come from an independent security vendor rather than a cloud service provider, on the grounds that a provider-agnostic access management solution best protects multi-cloud environments.
Among FinServ organizations, 73% have adopted multifactor authentication (MFA) to secure cloud data access, nearly matching the overall average of 74%. While this is a positive trend, organizations should implement phishing-resistant MFA, such as hardware tokens, PKI-based smart cards and FIDO passkeys, rather than depending on SMS or email-based codes. One-time codes sent out of band can be relayed in real time by a phishing proxy, and SMS in particular is exposed to SIM-swap attacks; FIDO credentials are bound to the relying party’s origin, so a lookalike site cannot obtain a usable assertion.
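To make the difference between a relayable code and an origin-bound credential concrete, here is an added example (not from the Thales report or any vendor) that models both checks on the server side. The relying party `bank.example`, the lookalike domain `bank-login.example`, the credential and the challenge values are all constructed for illustration, and a keyed HMAC stands in for the authenticator’s ECDSA signature so that the script runs on the Python standard library alone; the checks around it (ceremony type, challenge, origin, rpIdHash, user-presence flag, signature counter) follow the WebAuthn assertion-verification steps.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Added example (not Thales' or any vendor's code): why a FIDO/WebAuthn assertion
# survives a phishing proxy while a relayed SMS/email one-time code does not.
# A keyed HMAC stands in for the authenticator's ECDSA signature so this runs on the
# standard library only; the surrounding checks mirror WebAuthn assertion verification.

RP_ID = "bank.example"                           # assumed relying party ID
ALLOWED_ORIGINS = {"https://bank.example"}       # origins the RP accepts
PHISH_DOMAIN = "bank-login.example"              # constructed lookalike proxy

def sms_otp_verify(expected_code: str, submitted_code: str) -> bool:
    """SMS/email OTP check. Nothing binds the code to the site the user typed it
    into, so a real-time proxy that forwards the victim's code is accepted."""
    return hmac.compare_digest(expected_code, submitted_code)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def client_data(challenge: bytes, origin: str) -> bytes:
    """clientDataJSON as the *browser* builds it: the page cannot choose 'origin'."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": origin}).encode()

def authenticator_sign(key: bytes, rp_id: str, counter: int, cdj: bytes) -> dict:
    """Assertion as the authenticator produces it for the rp_id the browser allows
    (which must be a registrable suffix of the current origin). Flags byte 0x01 = UP."""
    auth_data = (hashlib.sha256(rp_id.encode()).digest() + bytes([0x01])
                 + counter.to_bytes(4, "big"))
    to_sign = auth_data + hashlib.sha256(cdj).digest()
    sig = hmac.new(key, to_sign, hashlib.sha256).digest()   # stand-in for ECDSA
    return {"authenticatorData": auth_data, "clientDataJSON": cdj, "signature": sig}

def webauthn_verify(cred: dict, assertion: dict, expected_challenge: bytes):
    """Relying-party verification. Returns (accepted, reason)."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, "origin not allowed: " + str(cd.get("origin"))
    ad = assertion["authenticatorData"]
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not ad[32] & 0x01:
        return False, "user presence flag not set"
    counter = int.from_bytes(ad[33:37], "big")
    if counter <= cred["sign_count"]:
        return False, "sign counter did not increase (replay or cloned key)"
    to_sign = ad + hashlib.sha256(assertion["clientDataJSON"]).digest()
    if not hmac.compare_digest(hmac.new(cred["key"], to_sign, hashlib.sha256).digest(),
                               assertion["signature"]):
        return False, "bad signature"
    cred["sign_count"] = counter        # persist the new counter on success
    return True, "ok"

def run_scenarios() -> dict:
    """Constructed scenarios: relayed OTP, legitimate login, phishing proxy, replay."""
    key, challenge = secrets.token_bytes(32), secrets.token_bytes(32)
    cred = {"key": key, "sign_count": 0}
    results = {}
    # 1. SMS OTP: the proxy forwards whatever the victim types, and it is accepted.
    otp = "482913"
    results["otp_relayed"] = sms_otp_verify(otp, otp)
    # 2. WebAuthn from the real origin.
    real = authenticator_sign(key, RP_ID, 1, client_data(challenge, "https://" + RP_ID))
    results["webauthn_real"] = webauthn_verify(cred, real, challenge)
    # 3. Same challenge relayed through the lookalike. The browser stamps the proxy's
    #    origin and only permits rp_id = proxy domain, so both bindings break.
    phish_cdj = client_data(challenge, "https://" + PHISH_DOMAIN)
    phish = authenticator_sign(key, PHISH_DOMAIN, 2, phish_cdj)
    results["webauthn_phish"] = webauthn_verify(cred, phish, challenge)
    # 4. Replaying the captured legitimate assertion: the counter no longer increases.
    results["webauthn_replay"] = webauthn_verify(cred, real, challenge)
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The phishing scenario is deliberately generous to the attacker: a real authenticator would not even hold a credential scoped to `bank-login.example`, so the ceremony would never produce an assertion. Even when one is forced through, the relying party rejects it on the origin check before the signature is examined, whereas the OTP path has nothing to reject. In production the challenge should also be single-use, which this example does not model.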
When asked about zero-trust security, 41% said access management and authentication are critical components. A deeper focus on authentication is essential for entities using multiple SaaS applications: enabling zero trust across numerous SaaS apps and diverse user populations requires flexible, centrally managed access policies. For legacy systems that cannot be fronted by a cloud identity provider, on-premises authentication solutions are still needed to protect resources.
Financial services firms operate complex, distributed architectures serving a range of users, from executives and headquarters staff to retail branches and customers. Whether in banking, insurance, investment banking or securities, these organizations must contend with sophisticated threats. To address them, they must implement proactive measures, from formal ransomware response strategies to successful compliance audits, that enable them to remain in control of their security.
To dive deeper into the report findings, download the Thales 2024 Data Threat Report: FinServ Edition.