2024 Thales Global Data Threat Report: Trends in Financial Services

In the ever-evolving landscape of cybersecurity, financial services (FinServ) firms stand as both critical pillars of the global economy and prime targets for cybercriminals. The sensitive nature of the data they handle, coupled with stringent regulatory requirements, necessitates robust security measures. The 2024 Thales Global Data Threat Report sheds light on the current state of cybersecurity within the financial services sector, revealing significant trends, challenges, and advancements in security practices.

Breach History Decreases

One of the most encouraging findings from the report is the decline in breach incidents among financial businesses. According to the survey, 39% of financial organizations reported experiencing a breach, a notable decrease from the 49% average across all industries. Furthermore, the percentage of firms that faced breaches in the past year plummeted from 29% in 2021 to just 14% in 2024.

Despite this positive trend, ransomware remains a significant threat, with 18% of FinServ firms reporting attacks. While this figure is lower than the general average, it highlights the ongoing need for effective ransomware response strategies. Alarmingly, less than 50% of organizations across various sectors have a formal plan in place to address ransomware incidents.

Multi-cloud Adoption is Increasing, and So Does Complexity

As financial services firms increasingly adopt multi-cloud strategies, the complexity of securing data in these environments has grown. The report indicates that 64% of FinServ organizations find it more challenging to secure cloud data compared to on-premises systems, a sentiment echoed by 55% of general respondents. The rise in multi-cloud usage—from 54% in 2022 to 73% in 2024—contributes to this complexity, as firms juggle multiple hyperscalers and security solutions.

Operational complexity is further exacerbated by the number of key management systems in use. Nearly 49% of respondents reported using five or more systems, which increases the risk of mismanagement and potential vulnerabilities. However, there is a silver lining: many financial institutions are recognizing the need to streamline their technology stacks, with the percentage of firms using 50 or more SaaS applications dropping from 32% to 24% over the past two years.

The Hurdles and Benefits of Compliance

Compliance with an array of regulations remains a significant challenge for financial services organizations. The report highlights that firms adhering to regulations such as PCI DSS and the EU’s Digital Operational Resilience Act (DORA) are experiencing better security outcomes. Among those that failed compliance audits in the past year, 80% reported at least one breach. In contrast, only 15% of organizations that passed all audits had a breach history, underscoring the correlation between compliance and security effectiveness.

The Dangers of Emerging Technology Trends

As technology evolves, so do the threats facing financial services. Concerns surrounding quantum computing and its potential to compromise traditional encryption methods are on the rise. The report reveals that 72% of financial services respondents are exploring post-quantum cryptography (PQC) solutions, with 30% planning to develop resilience strategies against these emerging threats.

Additionally, the adoption of artificial intelligence (AI) is gaining momentum, with 27% of FinServ firms planning to integrate AI into their core products and services within the next year. However, while 71% are in the integration phase of Generative AI (GenAI), 73% express concerns about the rapid changes in technology challenging their existing plans.

How Access is Managed

Access management is a critical area of focus for financial services organizations. The survey indicates a shift towards maintaining access security control within organizations, with 43% agreeing that this responsibility should not solely rest with cloud service providers. This shift reflects a growing concern over data sovereignty and the need for independent security solutions.

Moreover, 73% of FinServ organizations have adopted multifactor authentication (MFA) to secure cloud data access, aligning closely with the overall average of 74%. However, there is a pressing need for robust MFA solutions that go beyond SMS or email-based methods to enhance security.

The Next Steps

As financial services firms navigate a complex landscape of threats and challenges, proactive measures are essential. From formalizing ransomware response strategies to ensuring compliance with stringent regulations, organizations must prioritize security to safeguard their operations. The 2024 Thales Global Data Threat Report serves as a vital resource for understanding the current state of cybersecurity in the financial sector and offers insights into the steps firms can take to enhance their defenses.

For a deeper dive into the findings and recommendations, download the full Thales 2024 Data Threat Report: FinServ Edition.

In conclusion, the 2024 Thales Global Data Threat Report highlights both the progress and ongoing challenges faced by financial services organizations in the realm of cybersecurity. As the threat landscape continues to evolve, staying informed and proactive will be key to maintaining security and compliance in this critical sector.