The State of Security for Finance: What You Need to Know

It’s no secret that the cybersecurity landscape remains challenging with persistent threats, new technologies, and upcoming mandates. Organizations are merely managing to stay afloat and are struggling to keep pace. Traditional cybersecurity threats, like phishing, continue to evolve in their sophistication. But it doesn’t stop there. Accompanying these legacy threat actors is the emergence of new adversaries leveraging cutting-edge technologies, such as AI, to expose vulnerable systems and breach organizations.

The state of cybersecurity is highly nuanced. We know that challenges and effective solutions differ based on company size, industry and even geography. We have many customers in the financial services industry. In pursuit of better understanding their challenges and security needs, we teamed up with Omdia Research, a global research leader. Their expert security operations (SecOps) and financial services analysts conducted a survey of over 300 security practitioners from financial institutions. 

Continue reading and download the 2023 State of Security for Financial Services Report to reveal our conclusions.

Key Takeaways: Unique Threats and Constraints 

Phishing and ransomware attacks persist as one of the most common cybersecurity  attacks for the financial sector (and most industries). However, financial organizations operate under unique constraints, which contribute to industry specific challenges such as, sensitivity of data, compliance and regulatory requirements, and fraud. Financial institutions, irrespective of their size or type, store highly sensitive customer data which comes with many industry regulations. 

Banks, lenders, brokerages, insurance companies, you name it. All of these financial service providers find themselves in a rock and a hard place, as they try to balance the accelerating pace of digital transformations (paperless payments, online shopping, Venmo) driven by customers and market demands. Simultaneously, these institutions are attempting to abide by industry regulations and protect customer data. Below are some key findings from the report on industry-specific challenges within the finance sector:

• 54% of respondents state sensitivity of data is the biggest challenge 
• 46% of respondents state compliance and regulatory requirements is the biggest challenge 
• 43% of respondents state fraud is the biggest challenge

Siloed Tools And Teams 

It’s common for financial institutions to hold a reputation for having mature SecOps technology ecosystems. In fact, many of these organizations were among the pioneers in establishing security operations centers (SOCs). However, the issue we uncovered is that many SecOps tools and teams are siloed, making it difficult to prevent breaches. 

• Almost half of the respondents have 31 or more separate security tools in place
• 63% of respondents plan to increase the number of deployed security products within the next 12 months 
• 44% of respondents plan to evaluate security automation platforms 

Fraud: A Top Challenge for Finance 

Just when organizations believe they’ve grasped every facet of today’s threat landscape, something new emerges. And this can’t be more true for the financial sector. New types of fraud are constantly emerging but are typically classified into four areas: card fraud, remote banking fraud, authorized push payment fraud, and scams. The threat of fraud is the most significant and unique cybersecurity challenge for financial service organizations, yet security and fraud teams continually struggle to collaborate to mitigate these types of attacks. As a result they tend to fall victim to breaches. 

• Nearly half of respondents (44%) state fraud prevention is their number one priority 

Frequent Victims of Costly Breaches 

Despite the numerous implemented security technologies by financial institutions, they continue to fall victim to frequent, costly, and reputation altering breaches. According to the report, organizations with over $5 billion in annual revenue face a higher likelihood of incurring breaches exceeding $1 million in total costs compared to smaller organizations. Respondents shared the cost and frequency of breaches over the last 12 months:

• 42% of respondents reported at least one breach with a total cost of $1 million
• 20% of respondents reported at least one breach with a total cost of $5 million 

The Power of Connected Teams and AI Enabled Low-Code Automation 

Based on the findings in the report, combining fraud and security teams may appear to be an obvious solution, but the reality is a bit more complex. That’s because there is an additional element required for long-term success. Both fraud and security teams require tools to enhance and expedite their remediation efforts. However, only 13% of respondents reported having a unified fraud and security team, while the majority (40% of respondents) stated that their teams share data on an ad-hoc basis. 

Traditionally, security and fraud teams have functioned independently within technology silos, which hinders any kind of collaboration. However, AI enabled low-code automation serves as a vital facilitator, enhancing operational flexibility and breaking down the barriers between the two teams. For example, automating data sharing can enhance transparency and visibility between security and fraud teams, ultimately boosting efficiency and effectiveness.

• 97% of financial services companies plan to adopt security automation within the next 12 months 

You heard it here first, the sweet combination of AI enabled low-code automation and collaboration between fraud and security teams is the key to successful and secure financial institutions. So, where do you stack up in these statistics? For a more in-depth analysis of our research findings and to benchmark your organization, download our State of Security for Finance report.