CFOtech India - Technology news for CFOs & financial decision-makers
India
Financial services breach risk rises as AI adoption surges

Financial services breach risk rises as AI adoption surges

Thu, 9th Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Gigamon has published survey findings on cyber risk and AI adoption in financial services. The research found that 98 per cent of breached financial services organisations reported a material impact.

It found that 77 per cent of financial services organisations had experienced a breach involving AI, while 54 per cent reported an increase in AI-powered social engineering attacks such as phishing and smishing. Another 47 per cent had seen more attacks targeting AI and large language model deployments.

The figures point to a sector adopting AI in security operations even as the technology creates new routes for attack. According to the survey, 91 per cent of financial services organisations have implemented AI-powered tools to strengthen data security, and 66 per cent have enabled AI-driven automation to initiate security actions without human interaction.

That compares with 53 per cent across industries overall for AI initiating security functions without human intervention, suggesting financial services groups are moving faster than peers in handing some operational decisions to automated systems.

Among organisations that suffered a breach, the reported consequences included financial losses, higher cyber insurance premiums, data loss and regulatory impacts. The findings also suggest that spending on security tools has not resolved longstanding monitoring problems across complex technology estates.

Visibility concerns

Despite 94 per cent of financial services organisations investing in new security technologies to improve detection and visibility, 42 per cent said it was taking longer to detect breaches. More than half, or 52 per cent, identified fragmented security tools as their biggest challenge in securing hybrid cloud infrastructure.

The survey also found that 95 per cent believe security depends on complete visibility across all data in motion. That reflects concern that a growing mix of cloud systems, encrypted traffic and AI tools is making it harder for security teams to build a clear picture of risk.

Malcolm Kelly, Managing Director, CISO and Head of Technology Risk, EMEA at SMBC Group, commented on the findings. "AI is forcing financial institutions to accelerate innovation and risk management at the same time. The opportunity is significant, but so is the complexity. Financial institutions need visibility into how data, applications, and AI systems interact across hybrid cloud environments so they can identify exposure early and respond with confidence," Kelly said.

Concerns over encrypted traffic and quantum-era threats also featured strongly in the results. More than one-third, or 36 per cent, of respondents identified encrypted traffic as their greatest breach vulnerability, while 88 per cent cited "harvest now, decrypt later" attacks as a major concern.

The phrase refers to the risk that attackers collect encrypted data now with the intention of decrypting it later when more advanced computing methods become available. In response, 93 per cent of financial services leaders said visibility into encrypted traffic is critical to post-quantum cryptography readiness, the highest response level recorded among the sectors surveyed.

Cloud exposure

The data also showed unease about where critical information should sit. Some 58 per cent of financial services leaders identified public cloud environments as their greatest source of breach risk, while 62 per cent said data lakes represent the most secure environment for critical data.

Nearly all respondents, or 94 per cent, said network-derived telemetry is critical to securing data lake environments. Gigamon uses the term to describe information such as metadata, packets and flows that can help security teams trace how data moves across networks.

Philip D. Harris, IDC Research Director, Governance, Risk, and Compliance Solutions, said the survey reflects broader changes in cyber planning. "The convergence of AI adoption, regulatory scrutiny, and post-quantum planning is reshaping how financial institutions think about cyber risk. Visibility into data in motion is becoming a foundational requirement not only for security operations, but also for governance, compliance, and operational resilience," Harris said.

The findings are based on responses from 139 security and IT leaders in financial services, drawn from a wider survey of more than 1,000 security and IT leaders. The research covered Australia, France, Germany, Singapore, the United Kingdom and the United States.

Gigamon argued that security investment alone does not ensure organisations understand how data moves across hybrid cloud systems. It added that 94 per cent of financial services leaders reported that what it calls deep observability is foundational to securing their AI deployments.

Shane Buckley, President and Chief Executive Officer at Gigamon, said the results show a gap between spending and control. "Financial services organizations are investing heavily in cybersecurity, but investment alone does not create control. The findings make it clear that visibility has become foundational to modern cybersecurity. Without a complete understanding of how data moves across hybrid cloud environments, financial services organizations cannot validate security outcomes, demonstrate compliance, or confidently manage risk," Buckley said.