November 18, 2024

Future-Proofing Financial Data Security: Emerging Threats

Cyber threats evolve. This guide gives you the tools to safeguard financial data from the latest and emerging attacks.

Key Points: 

  • Financial organisations face a barrage of cyber threats, with data breaches and phishing attacks ranking as top concerns, threatening both monetary losses and reputational damage.
  • Emerging threats such as AI-powered cyber attacks, supply chain vulnerabilities, and cryptocurrency malware pose significant risks to financial institutions, necessitating proactive security measures.
  • Security teams can mitigate these threats by adopting a holistic approach to data security, including regular risk assessments, incident response planning, and the implementation of AI-powered tools to combat evolving security schemes.
  • Metomic helps financial organisations keep sensitive data secure by showing them where it is stored across SaaS, cloud and GenAI environments, as well as allowing them to see who has access to it.

Finance is still the most targeted sector when it comes to cyber attacks, with 27% of data breaches affecting financial organisations in 2023, according to a report from Kroll.

Due to the sensitive nature of the data they store, these businesses are often selected by malicious actors for the financial gains they can make by accessing this information.

With threats emerging all the time, it pays to be protected against cyber attacks, as they can have devastating consequences for an organisation, including financial losses, business disruption, and reputational damage.

What are the primary cyber security threats that financial organisations have to face?

Unfortunately, financial organisations face a wide range of cyber threats that can prove challenging for security teams within such businesses.

According to a Metomic survey of CISOs across the US and UK, data breaches and phishing attacks were rated the joint number one concern in 2024 for security leaders. Data breaches can have serious implications for financial organisations as unauthorised users can access sensitive information, leading to monetary losses and reputational damage. After all, how can a customer or partner trust an organisation with their financial information if hackers have managed to get hold of it?

Particularly for financial institutions, this can lead to dire consequences such as customers experiencing identity theft, or criminals selling their information on the dark web where it can be used fraudulently by other malicious actors too.

There is also the risk of insider threats: people inside the organisation who may leak data intentionally or accidentally, giving access to unauthorised users. This can be financially motivated if carried out by a disgruntled employee, or simply the result of negligence, which gives security teams an added incentive to train employees effectively and build a Human Firewall to protect against such behaviours.

Financial organisations that rely on third-party vendors will also need to carry out due diligence on their suppliers to ensure that they are complying with industry standards and have the correct security measures in place to prevent their own systems being hacked.

What are the top 5 emerging threats financial organisations need to be aware of?

With new threats emerging on an almost daily basis, financial institutions need to be proactive in their approach to data security.

Emerging threats financial organisations will need to be aware of are:

1. AI-Powered Cyber Attacks

AI technologies can be used for malicious purposes to automate attacks, or provide resources for hackers to do so - for example, creating believable copy to send phishing emails to unsuspecting victims. Because of the sophisticated nature of AI tools, it can be difficult to prepare for these attacks, or detect them once they are in action.

An AI attack on a financial institution can be devastating for customers but also poses risks to financial stability in general.

2. Supply Chain Vulnerability

While security teams can do everything in their power to secure their own organisation, there should also be an emphasis on third party risks. According to Risk Ledger, ‘financial services companies have seen a 63% increase in cyber attacks that originated through their supply chains’ with ‘supply chain attacks becoming the second most prominent cyber threat facing organisations today.’

With the increased risks that third parties introduce to a business, security teams should ensure due diligence is carried out to reduce the chances of data breaches or leaks occurring.

3. Cryptocurrency Malware

The introduction of cryptocurrency can bring new challenges to financial organisations such as crypto-jacking malware used to infect systems and mine cryptocurrencies, or fraudulent schemes exploiting the anonymity of blockchain transactions.

4. Cloud Security

Since the 2020 COVID pandemic, more businesses have adopted cloud technology to accommodate global workforces, but teams will need to ensure these environments are configured correctly to minimise vulnerabilities within the ecosystem.

Access controls should also be put in place to prevent unauthorised users accessing sensitive financial information stored in the cloud.

5. Deep-fake Technology

As AI progresses, deep-fakes may be used to create realistic video or audio content to dupe employees into sharing sensitive information, or carrying out fraudulent activities.

How can security teams best prepare and mitigate current and future threats?

Security teams stand the best chance of mitigating current and future threats by implementing a holistic data security posture.

Regular risk assessments can help security teams identify vulnerabilities, understand the potential impact of a cyber attack, and prioritise mitigation strategies to reduce the risks to their business. Incident response planning is also helpful so that individuals are clear on the exact steps they would need to take should a cyberattack occur.

One of the main takeaways from the Metomic CISO survey was that four-fifths of CISOs and IT security leaders plan to implement AI-powered tools to fight emerging AI-based security schemes and threats. With more than half of the survey respondents concerned about employees uploading sensitive data to Large Language Models (LLMs) such as ChatGPT, educating employees on the importance of securing sensitive data is crucial.

Keeping systems up to date and promptly applying security patches is also imperative when it comes to protecting sensitive financial data within an organisation.

What regulations do financial organisations have to adhere to?

The regulations that financial organisations will need to adhere to will depend on the type of organisation, as well as the geographical location of the organisation and its customers. Some key requirements include PCI DSS 4.0, GDPR and GLBA.

Read a full list of compliance regulations for financial organisations here.

Are there any regulations being updated soon?

Yes, PCI DSS v4.0 was released in March 2024, with the next phase being released in March 2025. This is a key requirement for many businesses, so ensuring compliance is vital, and there are 13 new rules to adhere to.

It’s imperative that compliance teams within financial organisations are informed of regulatory changes, and are able to put the necessary procedures in place to ensure they remain compliant and are still able to trade without facing business disruption, penalties, and reputational damage.

📝Report: The State of Data Security in Financial Services

In our 2024 ‘The State of Data Security in Financial Services’ report, we dissect our own proprietary data to understand how financial services companies are navigating data security. You'll find:

  • The pivotal data types that hold significance for Financial Service Companies
  • A comprehensive understanding of the risks posed by stale data and effective management strategies
  • Compelling reasons why financial institutions should prioritise attention to access controls

Download our Report: The State of Data Security in Financial Services
