AI Cyber Security Arms Race in Financial Services

Published on: 5th January 2024

As generative AI proliferates across the web, executives in financial services and threat actors are pitted against each other in an arms race to attack and defend cyber assets.

The financial services sector is particularly vulnerable, with its host of sensitive personal and financial data making it a key target for people looking to commit cybercrime. In the last year alone, there was a threefold increase in the number of breaches in the financial sector.

Generative AI can be used to create new media, including audio, code, images, text, and videos, all of which can provide an opportunity for companies to develop automated systems and controls to protect themselves from cyber crime. Yet at the same time, it can be harnessed to perform fraud at increasing rates of deployment and sophistication.

Major industrial and political parties recognise the threat. The Federal Reserve Board noted cyber attack as the biggest risk to financial institutions’ ability to operate and safeguard customer data, and Barclays CEO Matt Hammerstein noted it was “incredibly important” to continue investment in defending against the multitude of large fraudulent organisations and state-sponsored criminals in the illegitimate economy.

The types of AI-powered attacks the financial services sector is open to include deepfakes, with 37% of organisations globally having experienced deepfake voice fraud attempts, as well as faster searching for vulnerabilities and automated, highly targeted phishing emails. In addition, synthetic identity fraud and document forgery fraud can both be bolstered by the ability to generate realistic documents with a mix of real and believable data.

Whilst the price of victory is great for a threat actor, so too the cost of attack is great for financial services organisations. Immediate and ongoing fees include ransomware payments, remediation fees, PR fees, legal costs, customer compensations, and the increased cost of insurance premiums. Non-compliance fees from regulatory bodies such as PCI DSS cost between £4,000 and £80,500 a month alone.

This is not to mention the disruption to service as resources are directed to remediation, such as rebuilding systems and restoring data, plus the immeasurable and potentially irrecoverable value of client trust and a damaged reputation. It’s a case of evaluating whether you can afford not to invest in your cyber security infrastructure and training.

At Communicate Technology we have the expertise to assess your current cyber security posture and work with you to take your security to the next level, as we have done with one of our clients, a leading European Insurance company. With everything from penetration testing for identifying vulnerabilities to our intelligent integrated XDR, SIEM, and SOC service NAZAR X, get in touch to chat about winning your AI arms race.
