Future-proofing financial services: The new era of AI-enhanced identity security
The banking sector was recently named the most trusted industry to handle data collection, according to the 2024 Thales Digital Trust Index. Yet findings from SailPoint's 'State of Identity Security in Financial Services' report revealed that 93% of IT and IT decision-makers in the financial services sector have grappled with identity-related security breaches in the past two years alone.
In fact, the IBM Cost of Data Breach Report notes that the three industries with the highest average breach costs in Australia are Financial Services (AUD $5.56 million), Technology (AUD $5.06 million) and Education (AUD $4.61 million), all higher than the average cost across the country (AUD $4.03 million).
The numbers certainly don't lie and paint a clear picture: financial services industry (FSI) leaders are facing significant hurdles in protecting sensitive data and managing access to it effectively.
I believe there is a trifecta of challenges that are reshaping the way security, risk, and technology are managed. These challenges—skills shortages, the need for modernisation and consolidation, and the ever-changing regulatory compliance and cybersecurity threats—are not just operational hurdles but strategic imperatives that demand innovative approaches using a combination of modern technology and education.
Talent and skills challenge: doing more with the same (or less)
As we continue to face an ever-evolving, complex threat landscape, the scarcity of highly skilled cybersecurity professionals is a pressing issue, with the cost of talent and the need for specialised skills to navigate the digital landscape driving organisations towards offshoring strategies. The challenge for financial services leaders is not just finding the right talent but doing so in a way that is sustainable and cost-effective without putting security governance priorities at risk.
This is where FSI leaders must shift their thinking and look at how AI-driven identity security solutions can help organisations do more with the same or less by automating complex identity processes and enhancing their defence mechanisms against evolving threats.
By implementing these solutions, organisations can reduce the dependency on a large cybersecurity workforce, manage identity security more efficiently, and detect hidden vulnerabilities and threats, thereby optimising risk management efforts, even with constraints in skills and expertise. This increased threat visibility and the ability to respond to anomalies in real-time significantly reduce the bandwidth drain on security teams, enabling them to focus on strategic initiatives rather than routine tasks.
Modernisation and consolidation: large-scale transformation is the new "downsizing"
Organisations are also grappling with the complexities of integrating legacy systems with new digital technologies, a process that is often hindered by the siloed nature of traditional IT environments. The goal is to create a seamless transition to an operational landscape that supports both current needs and future growth without disrupting end-user experiences or compromising security and compliance.
The imperative to modernise and consolidate the technology stack is driven by the need for efficiency, security, and agility. Yet one of the traps we often see is organisations applying the wrong simplification to a complex issue, effectively making the problem even worse.
According to respondents of the SailPoint State of Identity Security in Financial Services report, the most common benefits of identity security include the ability to connect their identity program to horizontal applications (49%), cost and/or time savings within IT and security teams (45%), and more control and visibility into users (44%).
SaaS-based software, AI and automation can help organisations evolve despite complex digital infrastructures by addressing the underlying digital IT and cybersecurity requirements. AI-driven identity security facilitates transformation projects by integrating legacy systems with new digital technologies without compromising the user experience.
Keeping up with evolving regulatory compliance and cybersecurity threats
Regulatory compliance is a critical concern for financial services companies, with regulations such as those set by the Australian Prudential Regulation Authority (APRA) and global standards like GDPR and PCI DSS imposing stringent requirements. Conversations among heads of cyber, digital, and IT, all the way up to the board of directors, centre on implementing cybersecurity measures that are robust and adaptable to changing threats and regulations.
Often, a breach originates inside the security perimeter, when a perpetrator logs in using stolen credentials rather than "hacking" their way in from outside, as we've seen with recent breaches such as Latitude Financial's cyber-attack in 2023, which compromised more than 14 million customer records in Australia and New Zealand.
Identity security solutions proactively detect and revoke inappropriate access and policy violations, strengthening security and providing proof of compliance to auditors. AI-powered software automatically checks access policies before granting new access privileges and unifies and centralises access certifications across various systems, which is crucial for maintaining compliance in the face of evolving threats. By automating essential processes such as access requests, identity certifications, and reviews, organisations can quickly generate comprehensive reports demonstrating "who has access to what" when auditors request proof of compliance, thereby streamlining the compliance process.
Future-proofing financial services: strategic imperatives for leaders
Financial institutions are ultimately built on the trust of their customers. In this context, compromising security and governance is never worth the trade-off.
Addressing these challenges requires a strategic approach that balances operational efficiency with security and compliance. The challenges facing the FSI sector in Australia are significant, but they also present an opportunity for leaders to rethink their approach to cybersecurity, identity governance, and technology management. By focusing on strategic imperatives that address skills shortages, digital transformation and technology consolidation, and the dynamic regulatory and threat landscape, financial institutions can navigate these challenges effectively.