The State of Security in Financial Services

Our survey of security professionals worldwide uncovered that the state of security in 2024 is a bit of a contradiction. Here, we highlight key findings from financial services respondents surveyed for this year’s report.

The financial services industry is optimistic — 50% say cybersecurity has gotten easier. But there’s more work ahead.

Financial services respondents were more optimistic about meeting evolving cybersecurity requirements than cohorts in other industries, partly due to higher collaboration across IT and engineering. They’re also busy navigating a dynamic threat landscape and stringent compliance requirements. However, they also realize the potential risks of generative AI. Three-quarters (76%) of respondents admitted they don’t have enough education or fully understand its implications and 39% ranked AI-powered attacks as a top concern.

Splunk for Financial Services

Racing to harness AI

Generative AI comes with both risks and opportunities. Many in financial services are troubled by how adversaries will use it, with 80% agreeing it will expand the attack surface to a concerning degree. Malicious attackers aren’t their only worry—84% believe more data leakage will accompany generative AI use.

Despite those apprehensions, leaders remain optimistic on other fronts. Financial services respondents were more apt to recognize generative AI’s role in alleviating the talent gap. Ninety-two percent say security operations center (SOC) personnel can lean on generative AI to develop their skills, and 86% think it can help them hire more entry-level talent.

Who has the generative AI advantage?

Financial services respondents gave the edge to adversaries:

47% believe adversaries will benefit most

42% say defenders will have the edge

For more insight into the race to harness AI, read Splunk’s 2024 State of Security full report.

Get the Report

Sizing up the threat landscape

The financial services sector confronts threats along several attack vectors. The majority have experienced at least one data breach (52%), business email compromise (52%) or system compromise (51%). Over half (54%) have been targeted by cyber adversaries stealing data and threatening to release confidential information.

Leaders are meeting the challenge head-on. Ninety-six percent will increase spending on cybersecurity in the next two years. Some top priorities include:

Implementing zero trust principles and approaches
Testing out cloud-based security analytics and operations technologies
Creating formal documentation on security operations processes
Training cybersecurity and IT operations staff

78%
say frequent changes and growth in the attack surface make managing and maintaining security hygiene difficult.

Adapting to changing compliance requirements

Regulation is now an undeniable mainstay of security strategy as companies navigate a wave of new mandates, including the Digital Operational Resilience Act (DORA) in the EU, T+1 in the U.S., and the global push toward open banking. Most financial services respondents (62%) are already impacted by regulations that require timely disclosure of material breaches.

The pressure to comply is mounting as executives can be held liable. Forty-three percent of those surveyed in financial services called regulatory compliance violations a significant worry. They also acknowledge the increased workload: 82% believe the regulatory environment is compelling senior security professionals to be on call 24x7x365.

How the financial services sector is winning at compliance:

88% are ramping up compliance training for the security team.

91% say their teams make compliance part of their daily work.

90% agree to strongly agree that maintaining compliance requires an additional, dedicated team.

The security landscape is in flux, but financial services leaders are navigating it skillfully.

Learn more about today’s State of Security — and see how Splunk can help.

Get the Full Report

Financial Services Overview