Criminals have adapted, moving their attacks closer to the user. Stolen credentials now reign supreme in web application attacks targeting financial services. Fraud and page tampering are happening inside the user’s browser, bypassing traditional network perimeter defenses. surge-in-digital-banking Visa’s warnings about application fraud in digital banking underscore this escalating threat.
This evolution has caught many institutions flat-footed, still relying on security architectures designed for a bygone era.
Regulations like PCI DSS version 4.0 are attempting to address these new vulnerabilities, mandating specific controls for payment and authentication pages. Requirements 6.4.3 and 11.6.1 are designed to bolster security. But implementing these standards is proving to be a Herculean task.
The problem? Critical services and data now reside with cloud providers and data vendors, extending responsibility far beyond the traditional institutional perimeter. The expansion of API ecosystems and open banking frameworks has only compounded these challenges.
Cloud Misconfigurations: A Persistent Weakness
Cloud misconfigurations are emerging as a leading cause of breaches, highlighting the difficulty institutions face in overseeing their expanding third-party networks. The attack surface is growing exponentially, and visibility is shrinking.
Underlying all of this is a severe workforce crisis. The World Economic Forum’s Global Cybersecurity Outlook 2025 estimates that two-thirds of organizations are vulnerable due to critical cyber skills gaps. We’re not just talking about basic security hygiene; the shortages span AI and machine learning security, cloud security, and governance, risk, and compliance functions.
A staggering 90% of cybersecurity teams report at least one skills gap, contributing to a global workforce shortfall of 4.76 million positions. AI security expertise has rapidly ascended the ranks of in-demand capabilities, precisely as financial institutions are deploying machine learning models for their most sensitive operations.
The need for talent is so acute that even the most aggressive AI adoption strategies are threatened.
“We’re essentially trying to build a Formula 1 car with a pit crew that’s still learning to change tires,” quipped one CISO at a recent industry conference.
The financial services sector finds itself at a critical juncture. Addressing the AI skills gap isn’t just about mitigating risk; it’s about unlocking the full potential of AI to defend against an increasingly sophisticated threat landscape. The alternative? Continued breaches and ballooning costs, eroding trust in the very systems designed to power the future of finance.
