Kaspersky Shares Top 5 Trends in the Financial Sector

The financial industry is rapidly advancing into a new digital era—more dynamic, intelligent, and interconnected than ever before. However, it brings not only rapid operational processes, highly personalized customer experiences, and limitless scalability, but also opens a door for cyber risks to slip through.

According to the Kaspersky IT Security Economics 2024 report, banking, financial services, and insurance (BFSI) organizations spend an average of $1.2 million a year on cybersecurity. While this figure may seem substantial, it pales in comparison to the cost of a major security incident—approximately $3.2 million, which is 2.7 times the annual cybersecurity budget. This underscores the reality that digitalization is unavoidable, and inadequate security measures directly increase the risk of becoming the next high-profile breach.

Kaspersky experts emphasize the following trends rewriting the rules in the financial sector:

1. Open Banking APIs—The vision of customer-centric innovation is accompanied by a darker reality. Each API serves as both an opportunity and a potential entry point for malicious actors. There is no room for compromise when it comes to security and compliance.
2.  Banking-as-a-Service (BaaS) enables rapid deployment of banking services through pre-built infrastructure. However, shared risk is a genuine concern: a breach within one partner’s system can cascade throughout the entire ecosystem, jeopardising stability and eroding trust
3. Embedded Finance—Payments and lending functionalities integrated directly into retail applications, delivery platforms, and other services. While seamless and unobtrusive to users, these channels extend beyond traditional security boundaries. Protecting them requires a proactive approach involving continuous monitoring and comprehensive end-to-end security measures.
4.  Cloud migration facilitates faster scaling yet introduces risks such as misconfigurations, unclear responsibilities, and increased exposure. Over 25% of BFSI leaders now rank cloud adoption among their top cybersecurity concerns, underscoring the importance of robust cloud security strategies.
5.  Artificial Intelligence: already utilized by approximately 75% of financial institutions, with an additional 10% planning to adopt soon. AI enhances operational efficiency, improves insights, and automates risk assessments. Nonetheless, it also introduces new threats, including manipulated models, synthetic fraud, and AI-driven phishing attacks, which complicate the distinction between genuine and malicious activity.

The expanding threat landscape

But lurking behind these everyday breaches are Advanced Persistent Threats (APTs) — organised, well-funded, and relentless adversaries. Groups such as Carbanak execute global campaigns worth billions, exploiting zero-day vulnerabilities and supply chain weaknesses.

The expanding threat landscape

While innovation drives growth, it simultaneously amplifies vulnerabilities. The cyberthreat statistics speak for themselves:

• Ransomware dominated 2024, making up 42% of incidents in the financial sector.
• Phishing struck nearly one in four attacks, with 24% specifically targeting banking customers.
• Human error accounted for over 25% of breaches, often from deliberate policy violations.
• Infostealers are rampant: one in fourteen infections leads to stolen card data.

But lurking behind these everyday breaches are Advanced Persistent Threats (APTs) — organised, well-funded, and relentless adversaries. Groups such as Carbanak execute global campaigns worth billions, exploiting zero-day vulnerabilities and supply chain weaknesses.

The consequences of cyber incidents are tangible and costly. The repercussions range from disrupted customer services to attacks that remain undetected for weeks, eroding trust and confidence.

To stay ahead, financial organizations must adopt a comprehensive, ecosystem-based cybersecurity strategy that would empower teams to address every threat, whether anticipated or hidden.