But ransomware and swift adoption of generative AI pose significant risks
Despite a decline in data breaches among financial services organisations, a new report has revealed ongoing challenges with ransomware response and the rapid adoption of generative AI.
Thales’ 2024 Data Threat Report for Financial Services indicates that 39% of financial services firms reported experiencing a data breach at some point, down from 49% across all sectors. The proportion of firms experiencing a breach in the past 12 months dropped from 29% in 2021 to 14% in 2024.
Although breach numbers have improved, the report highlights inadequate preparedness, with only 25% of financial services respondents saying they would follow a formal plan in case of an attack – slightly above the overall figure of 20%.
Ransomware continues to pose a significant risk, with 18% of firms reporting an attack and only 25% having a dedicated response plan, despite regulatory requirements. Of those who resolved an attack, 5% admitted to paying a ransom, while 9% stated they would consider doing so in the future.
The swift adoption of generative AI is also raising security concerns. Around 27% of financial services firms plan to integrate AI into core products or services in the coming year, five percentage points higher than the overall survey sample. However, 73% cited challenges with the pace of technological change, and 71% are already transitioning from experimental stages to broader production deployments.
“What is concerning when we look at new threats coming from technologies, such as generative AI and even quantum computing, is an overall lack of preparedness,” said Erick Reyes, ANZ director of data security for Thales.
“Three in four organisations globally do not yet have a formal plan in place should they fall victim to a ransomware attack. Others continue to struggle with the complexities of securing their assets in the cloud, as well as integrating security within their development and operational processes.
“In environments where critical workloads are being hosted, and IT and OT is continuing to converge, cybersecurity strategies that focus on comprehensive DevSecOps programs, strong cloud security and access management are key to tackling a fast-growing and sophisticated threat landscape.”
The Thales report also found that financial services organisations store an average of 43% of their sensitive data in the cloud, and multi-cloud usage is on the rise, with 73% now employing more than one hyperscaler, up from 54% in 2022. The increasing complexity of cloud management and human error contributed to 41% of cloud-related breaches—10 percentage points higher than the overall figure.
Operational complexity also emerged as a challenge, with nearly half of respondents managing five or more key systems. Among firms citing cloud and DevSecOps security as a concern, secrets management was identified as a key issue.
The report also underscored the benefits of meeting compliance standards. Among firms that failed a compliance audit in the last 12 months, 80% had experienced a breach in their history. Among those passing audits, only 15% reported any breach history, and just 3% experienced a breach in the past year.
Looking ahead, the report noted growing interest in post-quantum cryptography, driven by fears of “harvest now, decrypt later” attacks that could exploit future advances in quantum computing. Of those recognising post-quantum cryptography as a threat, 30% said they would create contingency plans, while 48% planned to evaluate or prototype algorithms within 18 to 24 months.
The findings are based on a subset of a global survey conducted in late 2023, involving 108 financial services respondents from 18 countries, including Australia and New Zealand. Most respondents were affiliated with organisations earning between US$100 million and US$999.9 million in annual revenue.