The outlook for the banking sector in 2025 is generally positive. But with credit losses set to rise 7% during the year to $850bn, there’s no room for complacency. That’s why many financial services firms are looking to technology improvements to drive competitive advantage through improved customer experience and back-office efficiencies. Yet these efforts will be built on sand if security isn’t designed into initiatives from the outset.
If not managed effectively and continuously, cyber risk can derail important modernization projects, create compliance headaches and chip away at customer trust.
Why modernization matters
IT infrastructure and digital services sit at the heart of today’s global banking system. In fact, the sector invests $650bn out of the $4tn spent on IT each year, according to Gartner. That’s more as a percentage of revenue than any other major industry, says McKinsey. The global consultancy believes digital transformation “has become an imperative” for financial institutions, and it’s not hard to see why. Across the globe, banks are investing in:
- Cloud computing infrastructure and software to drive IT agility and enhance performance, scalability and sustainability initiatives, while reducing CapEx outlay on expensive technology systems.
- Open Banking initiatives, driven by regulatory mandates, which enable them to create innovative new products and services to head off the challenge posed by fintech upstarts.
- AI and machine learning (ML) systems, which promise to revolutionize the way banks can personalize and improve customer service, anticipate market trends, and enhance business decision-making.
- Data analytics, powered by cloud infrastructure and AI/ML models, which can pore through vast quantities of data to pick out important patterns and surface critical information. This can be used to streamline processes, reduce costs and improve performance, as well as supercharge efforts including fraud detection and business planning.
Cyber opportunity equals cyber risk
Among the downside risks for 2025 that financial sector analysts have flagged, two are tellingly technology-related. They include “emerging risks from new technologies such as AI” and, more broadly, “cyber threats.” This speaks to the importance of cybersecurity to any banking modernization initiative.
As a critical infrastructure sector that stores large volumes of highly sensitive personal and corporate information, banking is a popular target for threat actors. By one estimate, it was the second-most attacked industry in 2023, accounting for a fifth of incident response investigations. And at an average of $6m, breaches cost more per incident than in any other industry apart from healthcare.
More specifically, threat actors could undermine modernization efforts by:
- Taking advantage of cloud computing misconfigurations and security gaps
- Targeting Open Banking APIs and data as it is shared with third parties
- Stealing or “poisoning” training data used by analytics and AI/ML systems
Security by design and default
This is why it’s critical for banks to ensure any modernization initiative has security baked in from the start. That means making sure security has a voice when important business decisions are made, and that data protection impact assessments (DPIAs) are incorporated into governance. It’s not just about reducing the risk of financially and reputationally damaging security and data breaches. There’s also a positive case to be made for security as a business enabler and engine for growth if it can be used to support modernization strategies.
Any such strategy should begin with what’s most important: protecting the data itself. Solutions like comforte’s Data Security Platform deliver automated and continuous data discovery and classification combined with strong data protection. This includes tokenization, which is designed to protect data while enabling it to be used for data analytics.
Other important elements of a holistic banking security strategy should include:
- Access controls: Role-based access controls (RBAC) and “least privilege” policy supported by multi-factor authentication.
- Continuous monitoring: Logging and alerting to spot suspicious behavior on internal networks and contain the threat before it can impact the organization.
- Data governance: A comprehensive program to ensure regulatory compliance and continuous staff awareness training.
- Cloud workload protection: Continuous monitoring and safeguarding of workloads across multiple cloud environments.
- Cyber-hygiene: Best practices like prompt patching to reduce the attack surface.
- Anti-malware: Across all endpoints – from remote working laptops and mobile devices to servers.
With security as the default setting, banks can not only mitigate business risk, but drive future success.