SailPoint Technologies has unveiled the 2024 State of Identity Security in Financial Services, a comprehensive report highlighting the top identity security challenges financial services companies face when governing identities, meeting security requirements, and ensuring compliance. The report revealed the top identity objectives for financial service providers, including improving identity governance controls, replacing manual processes with automation, and expanding identity programmes to manage third-party non-employees.
Findings indicate that nearly 80% of organisations are concerned about vulnerabilities resulting from overprovisioning third-party identities or non-employees, which increases the risk of cyberattacks. Additionally, a rapid influx of identities that often come with mergers and acquisitions (M&As), increases risk according to 77% of respondents. Companies that have acquired other companies may lack visibility into the additional identities’ access, which can lead to over-provisioning, access delays, and other identity challenges during offboarding and transfers.
Compliance is another shared frustration among financial service organisations, with 93% finding it difficult to remain compliant. Respondents’ most common pain points include a lack of resources, cumbersome manual processes, and large time commitments. As a result of these struggles, 64% received an identity-related audit citation over the last two years. Reducing cyber and compliance risks are among the most important factors when considering an identity security solution.
Moreover, numerous findings within the report indicate many identity security tools require too many manual processes (53%) and lack automation (49%). These issues are directly related and result in slow and error-prone processes, compliance issues, and increased risk, especially during large-scale identity increases from M&As. These tools do not provide analytics to help reveal risks—such as overprovisioning, a lack of separation of duties, excessive third-party access, and anomalous access—placing the burden on identity security teams who are already buried in manual processes.
Steve Bradford, Senior Vice President EMEA at SailPoint, said:
“The vast amount of sensitive, personal data makes financial services a treasure trove for cyber criminals. This cyber risk is growing more complex as institutions transform and identity data grows in volume, variety and velocity. Whether through mergers and acquisitions or an influx of machine and third-party identities, firms must carefully manage which identities have access to what, when and for how long. Vast amounts of sensitive data open firms up to data breaches, so it’s crucial that organisations take necessary steps to govern and protect against threats targeting themselves and the wider supply chain.
“As the EU’s Digital Operational Resilience Act (DORA) comes into effect next month, firms need to have well-defined policies for managing cyber risk – particularly those related to legacy technology, unauthorised access, insider threats and AI generated content. With the average cost of a breach being over $6 million, our findings highlight a critical need for a modern, automated approach to identity security. Unifying vast amounts of identity data within a singular, centralised platform enables better visibility and management. This context is critical to help organisations detect and address suspicious behaviour, and manage any threats before a breach occurs.”
