The financial industry remains the most targeted sector for data breaches in 2024, which, as SailPoint emphasizes, highlights the urgent need to fortify the industry heading into 2025.
Statistics reveal that approximately 65% of financial organizations worldwide have fallen victim to ransomware attacks in 2024, a rise from 64% in 2023 and a stark contrast to the 34% reported in 2021. Moreover, 46% of financial companies have reported breaches within the last two years, an indication of how prevalent the threats facing these institutions are.
One of the major concerns highlighted in the survey is the vulnerability stemming from overprovisioned access for third-party identities, or non-employees, a risk factor acknowledged by 80% of organizations. The influx of identities accompanying mergers and acquisitions (M&As) also amplifies risk: 77% of respondents expressed concern about the lack of visibility into the access held by these additional identities, which leads to identity challenges during offboarding and transfers.
A notable gap identified is the lack of coverage for non-employees, such as contractors and partners, in existing identity security solutions. Despite this gap, fewer than half of the respondents (47%) expressed a desire to address the issue, indicating room for improvement in this aspect of identity security.
Wendy Wu, CMO at SailPoint, emphasized the evolving cyber risks faced by financial institutions as they undergo growth and transformation. The complexity introduced by mergers and acquisitions, the proliferation of machine and third-party identities with access privileges, and the increased volume of unmanaged sensitive data all contribute to heightened areas of risk that necessitate governance and protection to mitigate the threat of data breaches targeting this sector.
Compliance emerges as a major obstacle for financial service organizations, with 93% struggling to maintain compliance standards. Common pain points include resource limitations, manual processes, and significant time investments, culminating in 64% of respondents receiving identity-related audit citations over the past two years. The imperative to reduce cyber and compliance risks underscores the importance of leveraging effective identity security solutions.
The report also sheds light on the shortcomings of existing identity security tools, with many requiring excessive manual processes (53%) and lacking automation (49%). These deficiencies result in sluggish and error-prone operations, compliance challenges, and heightened risks, particularly during identity surges accompanying M&A activities.
Wu reiterated the critical nature of modernizing and automating identity security approaches within the financial services industry, given its attractiveness to cyber attackers due to the wealth of personal data. With breaches costing over $6 million on average and regulatory fines escalating, the need for unified, centralized identity management platforms for enhanced visibility and risk mitigation becomes imperative.
The insights presented in the report stem from a global survey encompassing over 300 Identity and Access Management (IAM), IT security, and audit and compliance leaders, providing a comprehensive overview of the prevailing state of identity security within the financial services sector. As threats continue to evolve and cyber risks escalate, the call for proactive measures to safeguard sensitive information and fortify defenses within the financial industry grows increasingly urgent.

