SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Data breaches fall but AI & ransomware challenge finserv

Thu, 17th Oct 2024

Thales has published its 2024 Data Threat Report for Financial Services, highlighting a decrease in data breaches within financial services organisations alongside ongoing challenges in ransomware response and rising security concerns due to the rapid adoption of generative AI (GenAI).

The report indicates a decline in breach rates among financial services organisations, with 39% of firms experiencing breaches historically, a reduction from 49% in the broader survey results. More noteworthy is the marked decrease in recent breach incidents over the past year, halving from 29% in 2021 to 14% in 2024.

Despite these improvements, the preparedness for cyberattacks remains insufficient across the sector, with only a quarter of financial services respondents confirming they have a formal incident response plan. This is a slight improvement compared to the general survey population.

Ransomware attacks represent a significant ongoing challenge, with 18% of financial services organisations reporting such incidents. Alarmingly, only 25% have formulated a response plan to combat ransomware, despite being subject to regulatory requirements. Of those that have faced ransomware attacks, 5% resolved the incident through ransom payments, and 9% are willing to consider this option for future attacks.

The rapid adoption of GenAI technologies has emerged as a key concern, with 27% of financial services organisations planning to integrate AI into their operations in the coming year. This figure exceeds the overall organisational average by 5 percentage points. While 73% acknowledge the challenge posed by fast-evolving GenAI environments, 71% are advancing with production deployments.

"A mix of sensitive, high-value data and robust compliance regulations mean financial service organisations across ANZ tend to be further advanced than other sectors when it comes to security and overall cybersecurity," said Erick Reyes, ANZ Director, Data Security for Thales.

"While compliance mandates remain one of the industry's biggest challenges, our research indicates that compliance achievements drive better security outcomes, leading to fewer breaches. As more regulations such as APRA's CPS 230 come into effect within the next year, finserv organisations must remain proactive, in control and on top of both government and industry requirements."

The integration of cloud services and DevSecOps also features prominently in the reported challenges. Financial services institutions reported that 43% of their data is stored in the cloud, with a rise in the use of multiple cloud providers from 54% in 2022 to 73% in 2024.

Human error emerged as the leading cause of cloud-based data breaches, accounting for 41% of incidents, a 10-point increase compared to the wider survey cohort. Difficulties with multifactor authentication and unexpected vulnerabilities were also noted as critical issues.

"What is concerning when we look at new threats coming from technologies, such as generative AI and even quantum computing, is an overall lack of preparedness," Reyes stated.

"Three in four organisations globally do not yet have a formal plan in place should they fall victim to a ransomware attack. Others continue to struggle with the complexities of securing their assets in the cloud, as well as integrating security within their development and operational processes."

The report underscores the importance of compliance measures, finding that organisations failing recent compliance audits were significantly more likely to have experienced data breaches. Conversely, financial services firms that succeeded in compliance audits reported a much lower breach history.

The financial services sector is also beginning to address future threats from quantum computing, with 72% showing interest in post-quantum cryptography. Among these, 48% plan to evaluate quantum-resistant algorithms in the next 18-24 months, highlighting a proactive approach to future-proofing data security.

Thales conducted this research among a targeted group of financial services professionals across 18 countries, drawing findings from a broader Data Threat Report. The insights reflect trends and security strategies as the industry continues to navigate an evolving cyber threat landscape.
