In the first half of the year, North American banking executives allocated more funds to cybersecurity than to artificial intelligence (AI). Recruiting skilled talent remains a significant challenge in both fields. These insights are highlighted in the second edition of the Infosys Bank Tech Index, as noted by Ajay Bhandari from Infosys.

Banks operate in an increasingly digital economy where cyber threats are escalating. For instance, the number of unique cyber incidents in the third quarter of 2023 was double that of the same period the previous year. As such, safeguarding customer data throughout their journey— from acquisition through engagement, retention, and exit—has become crucial. With the rise of AI-powered malware, traditional cybersecurity measures are proving insufficient. The evolving threat landscape demands systems that can adapt in real time and effectively counter new threats.

Cybersecurity Investment in Banks

Banks globally are ramping up their cybersecurity investments in response to persistent and evolving threats. In the first quarter of 2024, North American banks allocated 4.3% of their budgets to cybersecurity, slightly higher than the 4.0% spent by banks elsewhere. Despite this increase, cybersecurity still represents a smaller portion of North American banks’ budgets compared to their global counterparts, accounting for 23% versus 25% of total budgets.

The high cost of data breaches underscores the need for robust cybersecurity. In 2023, the average cost of a data breach was $9.5 million in the US (the highest globally) and $5.1 million in Canada, compared to a global average of $4.4 million. Factors contributing to these high costs include system complexity, a shortage of security skills, and regulatory noncompliance.

Challenges in Cybersecurity Talent

One significant challenge for North American banks is finding qualified cybersecurity professionals. Cybersecurity is ranked as the most difficult technology field to recruit for, with a difficulty score of 30, higher than the global average of 25. This challenge surpasses the difficulty of recruiting for AI and cloud technologies. In North America, 49% of tech staff recruitment is focused on cybersecurity talent, compared to a global average of 35%.

The Role of AI in Cybersecurity

AI serves a dual role in cybersecurity: as both a tool for defense and a potential threat. On the defensive side, AI enhances fraud detection and monitoring capabilities by analyzing transactional data in real time to identify suspicious activities and anomalies. For example, JPMorgan uses AI to spot potential fraud across its network, while Wells Fargo employs machine learning to adapt to sophisticated fraud tactics and reduce false positives.

However, cybercriminals also exploit AI to develop more sophisticated attacks, such as using deepfakes and advanced malware. The rapid evolution of AI capabilities allows for the creation of increasingly complex and harder-to-detect threats, such as polymorphic malware that adapts to evade traditional defenses.

Strategies for Strengthening Cybersecurity

To combat these threats, banks must develop dynamic defenses that evolve with the threat landscape. Key strategies include implementing zero-trust environments, using multilayer security protocols, maintaining continuous monitoring, and conducting regular employee training.

Specific Defenses for Financial Institutions

1. Customer Onboarding: Beyond standard identity verification practices, AI enhances security with encryption and identity verification algorithms that analyze documents and cross-reference government databases.
2. Customer Management: Implement strict access controls to limit data access based on roles and use AI to monitor and adjust permissions dynamically. AI can also conduct periodic audits to identify anomalies and ensure compliance with security protocols.
3. Customer Exit: Establish clear protocols for data deletion from closed accounts, ensuring that personal and financial data are encrypted. AI can assist in managing data retention by automatically identifying and deleting unnecessary data, and redacting sensitive information from archived documents.

Addressing the Talent Shortage

The global shortage of nearly 4 million cybersecurity professionals, as reported by the World Economic Forum, poses a significant challenge. To address this, banks must expedite reskilling efforts or partner with technology providers to access and train the necessary talent.

Infosys is actively addressing this talent gap by partnering with banks to provide comprehensive reskilling and training programs. Through its learning platform, Springboard, Infosys extends cybersecurity education beyond its own organization, helping to bridge the talent divide and attract top professionals to the industry.