Cybersecurity considerations 2024: Financial services sector

The global economy entered 2024 with momentum amid dueling tailwinds — easing supply chain pressures, moderating inflation — and headwinds — geopolitical tensions, increased regulatory scrutiny. These factors are testing the resilience of financial services (FS) business models and pushing sector leaders to explore innovative avenues for value creation while managing emerging cybersecurity risks and privacy concerns.

This relatively unsettled macroeconomic backdrop will challenge the FS sector in new ways over the coming year.

Security teams need to focus on what’s coming next. An evolving wave of disruptive technology — particularly generative AI, the imperative to automate, shoring up firms’ data foundation, and the trend toward embedded finance — is exposing FS executives to vulnerabilities with which they have never had to contend.

On the one hand, digital proliferation is blurring global borders, making it daunting to harmonize growth initiatives with shifting regulatory requirements. As the demand for seamless and personalized experiences grows, so do the challenges of providing comprehensive security and data privacy — making digital identity management more complex than ever.

Simultaneously, the exponential growth of data and increasing adoption of cloud-based systems have expanded the cyberattack surface, underscoring gaps in vulnerability management and the ability to address incidents in a timely manner.

Today, the focus is an intensified risk dialogue between cyber and business executives to enable future readiness and orchestrate strategies rooted in resilience, innovation, security, and trust.

This article explores cybersecurity considerations in the FS sector and provides a roadmap for navigating these challenges successfully and responsibly in an evolving threat and regulatory landscape.

Consideration 1: Navigate blurring global boundaries/regulatory environment

As the FS sector continues to scale technology innovations, regulators are responding with new cybersecurity standards to balance growth with governance. The daunting task for today’s security professionals is to calibrate their regulatory reporting for an increasingly borderless world while maintaining security controls that can be tailored to local requirements.

Navigating diverse regulatory landscapes – Balancing compliance in a constantly evolving cyber and privacy regulatory space is a significant objective for multinational FS companies, especially when these rules may vary significantly across jurisdictions.

Adapting to national interests and information sovereignty – National interests have inspired diverse regulatory requirements over data sovereignty, complicating global service delivery. Maintaining global accessibility and local compliance calls for substantial investments in local infrastructure and extensive operational modifications.

Supply chain security compliance – With supply chains stretching across continents, vulnerabilities have multiplied due to differing cyber controls and transparency requirements. Ensuring security and compliance for every entity involved necessitates rigorous vetting and oversight, which can escalating complexity and costs.

Incident reporting in a global context – The disparate incident reporting requirements across jurisdictions require flexible and efficient reporting mechanisms that can incorporate evolving cybersecurity mandates while ensuring prompt, accurate disclosures.

Privacy regulations compliance – In addition to navigating the SEC’s new cybersecurity disclosure rules and the Digital Operational Resilience Act (DORA) in the EU, the FS sector is grappling to implement privacy controls that are both globally consistent and locally adaptable to comply with global privacy laws such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the US. Striking a balance between customer data protection and operational flexibility remains a key challenge.

Building a resilient regulatory compliance framework – Navigating cross-border intricacies demands a sophisticated and agile approach to regulatory compliance, one that can swiftly adapt to new regulations while enhancing operational resilience on a global scale.

Enhancing data sovereignty measures – Investing in local data centers and cloud technologies with regional data storage options can help FS companies adapt to local regulations and efficiently meet data sovereignty requirements across different jurisdictions.

Strengthening supply chain security – FS companies can bolster their operational backbone against cyber threats and regulatory shifts by implementing robust security vetting and continuous monitoring processes within their supply chains.

Leveraging technology for compliance automation – Breakthrough technologies such as AI and blockchain can enable the sector to automate tedious compliance tasks, lower human error risks, and boost efficiency in incident reporting and privacy management.

Establishing global privacy standards – FS institutions can gain their advantage by spearheading the development and implementation of high global data privacy standards. This should not only foster a culture of security and customer trust, but also establish a benchmark for the entire ecosystem.

A central consideration for the FS sector is how to most effectively navigate the current business landscape to ensure resilience and business continuity. While multinational companies often lead the way in adopting emerging trends, smaller firms may often be less prepared to tackle these complexities. Through partnerships, firms can benefit from shared knowledge and enhance their security posture in response to evolving global regulatory demands without having to reinvent the wheel.

Consideration 2: Supercharge security with automation

Digital agendas are proliferating at a massive rate. With the increasing shift to cloud-based systems and remote work, the volume of data that needs protection is skyrocketing. As a result, the cyberattack surface is expanding, creating more alerts and triage events for FS cybersecurity leaders to manage. So, how can security teams keep detecting threat after threat and identify what to prioritize? One of the most efficient ways to do that is through automation.

Resource limitation and data overload – The FS industry faces the dual challenge of rapidly escalating cyber threats and a critical shortage of skilled cybersecurity professionals. This scarcity compounds the difficulty of managing, detecting and responding to threats while handling vast amounts of data. As a result, security operation centers (SOCs) are strained by the sheer volume of alerts to be analyzed and monitored.

Volume of vulnerabilities – The rapid evolution of technologies and discovery of software flaws leave FS firms with vulnerabilities, making prioritization and patching a daunting task. As mature organizations work on establishing robust response programs, capacity constraints impede effective, timely remediation.

Asset inventory maintenance – A mature asset management inventory has become a prerequisite for many cybersecurity processes, ensuring coverage of capabilities, asset ownership, and resource criticality. FS institutions often grapple with outdated or incomplete asset data that hinders effectiveness of risk and security processes.

Timely incident mitigation – The rising number of alerts and complex cross-platform interdependencies is contributing to delays in mitigating cyber incidents. SOCs grapple with this workload, causing delays in assessing and addressing each incident, potentially aggravating the impact of breaches.

Machine-learning-enabled vulnerability management – FS organizations are encouraged to revamp their vulnerability management programs to eliminate bottlenecks comprehensively. Automation can help prioritize, assign, and remediate high- and lower-criticality vulnerabilities using policy-as-code solutions.

Automated asset management workflows – Enhanced automated discovery processes can more effectively validate asset metadata and ownership, providing continuous, real-time asset inventory updates and ensuring accurate application of security protocols.

Proactive incident response controls – Organizations should emphasize proactive controls to automatically block and respond to potential network threats. Implementing advanced automated containment and blocking measures can curtail the spread of malicious activity, thereby minimizing the impact of security incidents.

Automated traditional Level 1 analyst triage – Leverage machine learning (ML) to correlate events across multiple sources of telemetry to reduce false positives and escalate important matters more quickly to Level 2 analysts.

As operating models digitize, SOCs should automate and upgrade their processes to keep pace. With security automation, FS institutions can secure the third-party ecosystem, assess vulnerabilities, and expose weak links within vendor and supplier ecosystems. Using AI and ML, the sector can centralize critical security processes for high-risk areas, enabling security teams to pursue more agile and efficient response times.

Consideration 3: Make identity individual not institutional

Today, the line between business-to-consumer (B2C) and business-to-business (B2B) security has blurred considerably. Driven by intersecting business models, it’s vital that FS organizations now view identity not in isolation but from a holistic perspective. That's an important driver toward an identity and access management (IAM) model that encompasses a new level of resilience suitable for federated, private, public, or multi-cloud computing environments.

Customer identity and access management (CIAM) strategies – As digital banking and financial services grow, so does the need for robust CIAM solutions that not only support seamless customer experiences but also protect customer identities and bolster trust.

Fraud detection and prevention – The FS sector is continuously challenged by sophisticated fraud schemes. This increasingly accelerates the need for identity analytics and behavior analysis to identify anomalous access patterns and transactions.

Regulatory compliance and identity management (IM) – Subject to rigorous regulatory requirements, including know your customer (KYC), anti-money laundering (AML), and privacy (e.g., GDPR, CCPA), many financial institutions are struggling to manage digital identities while ensuring compliance.

Entitlement sprawl and management – FS consumers and employees interact with various digital platforms, leading to entitlement sprawl and increased security vulnerabilities. Managing access rights becomes complex and error-prone, making the sector a prime target for identity theft and fraud.

Identity-focused attack surface management – The lack of a standardized authentication approach across FS institutions complicates the user experience and security protocols. Diverse methods lead to confusion, weaker security measures, and increased cyber risks.

The rise of deepfakes – The ease with which bad actors can alter content threatens businesses in virtually every industry and sector. Public and private organizations worldwide must maintain the appropriate computing power, forensic algorithms, audit processes, and talent to combat this threat.

Improving security and experience – Balancing convenience with security using tools like biometric authentication, single sign-on (SSO), and multi-factor authentication (MFA) can enhance the customer experience, leading to increased engagement and loyalty.

Security monitoring – Financial institutions can leverage identity analytics to detect fraud and protect customers and assets. This proactive approach can serve as a key differentiator in the market, attracting customers who prioritize data privacy. Beyond fraud, it is critical to tie privileged access, insider threat and non-human identities to the traditional security incident response processes through extended detection and response (XDR).

Regulatory-fueled transformation – Implementing effective IM tech solutions that automate compliance processes and reduce regulatory risks can build customer trust, leading to increased customer retention and attraction.

Automated entitlement management – Streamlining and automating entitlement management can help to enhances operational efficiency, reduces human error, and can mitigate insider threats. FS institutions can leverage advanced identity governance and administration (IGA) tech solutions to provide a secure, compliant, and user-friendly access management experience.

Unified identity – Adopting broad-ranging IM tech solutions and collaborating on industry-wide standards for authentication can strengthen how the sector defends against cyber threats and drives innovation.

Real-world cybersecurity in the financial services sector

In a recent cyber event, attackers exploited vulnerabilities in a key financial network to create fraudulent money transfer requests, resulting in significant financial loses. These breaches had a significant impact on a number of financial services firms, which rely heavily on secure file transfers to protect sensitive data.

The potential exposure of confidential financial information, as well as service outages and delays in the functioning of critical processes, posed a serious threat to the affected organizations. This not only jeopardized the privacy and security of clients, but also exposed the organizations to legal and regulatory consequences.

Affected companies were forced to allocate significant resources to investigating the extent of the breaches, identifying compromised data, and assessing the potential operational impact. They also had to implement additional security measures to prevent further breaches and regain client trust.

This episode was a wake-up call for the entire financial services industry, highlighting the need for robust cybersecurity measures and proactive risk management strategies. It emphasized the importance of regular software updates, thorough security assessments, and comprehensive ongoing employee training.

While the FS sector actively embraces advanced cybersecurity and IM measures, there is a pressing need to accelerate the adoption and preparedness level to keep pace with change. Evolving to a model where a digital identity with a high level of assurance is a reality will enable businesses to collect, store, and process less personally identifiable information, which would be a decidedly positive outcome for consumers.

Top priorities for FS security professionals

Developing and implementing a sophisticated framework for regulatory compliance that can adapt to different, constantly evolving laws across jurisdictions.
Aligning investments with local infrastructure and cloud technologies that meet data sovereignty requirements.
Establishing rigorous vetting and monitoring processes for supply chain security.
Leveraging innovative technologies like AI and blockchain to automate tedious compliance tasks.
Implementing automation for effective vulnerability management and proactive incident response.
Strengthening CIAM strategies to elevate security and customer experience.
Incorporating identity analytics for advanced fraud detection and prevention.
Advocating for standardized authentication practices across the industry.

How this connects to what we do

In addition to assessing your cybersecurity program and helping you to ensure it aligns with your business priorities, KPMG professionals can assist financial services organizations develop advanced digital solutions, advise on the implementation and monitoring of ongoing risks and advise on the design of appropriate response to cyber incidents.

KPMG professionals are adept at applying leading thinking to financial services firms’ most pressing cybersecurity needs and developing custom strategies that are fit for purpose. KPMG professionals offer a broad array of technology solutions including cyber cloud assessments, privacy automation, third-party security optimization, AI security, managed detection and response.