Exclusive: Financial sector most susceptible to AI-powered cyberattacks
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
Firms in the financial sector were more likely to face an AI-powered cyberattack in the last 12 months than any other sector, according to new research from Deep Instinct.
Why it matters: Financial services companies are ripe targets for cyber criminals because of their vast customer networks, from everyday consumers to major corporations.
By the numbers: 45% of financial services organizations faced an AI-powered cyberattack in the last 12 months, according to the Deep Instinct survey shared exclusively with Axios.
- Meanwhile, just 38% of experts who work in other industries said the same.
- 55% of financial services organizations also reported a rise in deepfake attacks in the last year, compared to 43% of those in other industries.
- Deep Instinct, a cybersecurity company that offers AI tools to prevent cyberattacks, conducted the survey in April among 500 cybersecurity experts across various sectors. The respondents all work at companies with at least 1,000 employees.
Driving the news: OpenAI CEO Sam Altman warned of an "impending, significant fraud crisis" at a Federal Reserve event in Washington last week.
- Altman noted that the crisis is coming "very, very soon" in part because of the ways AI can be manipulated to impersonate people.
The big picture: The financial sector is facing an array of AI-enabled phishing, deepfake and malware attacks, Carl Froggett, chief information officer at Deep Instinct, told Axios.
- AI tools have lowered the barrier to entry for these attacks, making it possible for even lower-level cyber criminals to pursue sophisticated attacks, Froggett added.
Yes, but: The finance sector is more resilient to these types of attacks because of their long history of cybersecurity investments, said Froggett, who also spent nearly 25 years working on security at Citi.
- "Financials really started treating cyber as an upcoming threat in the early '90s," he said. "They've got a big head start on everybody else, they built it into their organizations."
Between the lines: Most organizations, including in finance, have started shifting their cybersecurity strategies from detection and remediation to a fully predictive and preemptive strategy.
- In another Deep Instinct report published last month, 82% of organizations said they've shifted to a prevention-focused strategy.
- Doing this has forced companies to quickly adapt and update their security playbook. "They went off-cycle [in purchasing new tools] probably because of the success of the attacks," Froggett said.
What to watch: Cyber criminals are still early in adopting these tools, and their skills will only improve as their AI adoption matures.
- "They're only just getting started," Froggett said. "The bad actors are just scraping the surface of what they can do with dark AI."
Go deeper: Ransomware gangs experiment with AI
