The World Economic Forum’s Global Cybersecurity Outlook 2025 Insight Report paints a bleak picture of what the year ahead holds for technology security teams worldwide. However, some industries are likely to be worse off than others. The financial sector, for example, is an attractive target for cyber-attacks, as confirmed by Statista which states that the average cost of a data breach in this industry in 2024 was approximately $6.08 million, compared to $4.88 for the overall average cost of a data breach across all industries. As such, financial institutions must prioritise cyber defence and take action to minimise the impact of attacks. One route to doing this is by automating aspects of cybersecurity so SOC teams can focus on higher-value activities.

According to the latest ThreatQuotient research into The Evolution of Cybersecurity Automation Adoption, financial services organisations tend to be more mature in cybersecurity automation adoption than their industry counterparts. Further, they may have passed through the period of disillusionment that commonly occurs in the technology adoption cycle. This is evidenced by the report finding that 87% of financial services organisations value the importance of cybersecurity automation, up from 69% the previous year, which is mostly used to focus on incident response, phishing analysis and threat hunting.

However, given the growing complexities of the threat landscape, more needs to be done to equip financial organisations globally to prepare for attack. To try to counter this issue, governments have introduced new regulations for the financial sector such as The Digital Operational Resilience Act (DORA) which is an EU regulation that aims to strengthen the sector's resilience to ICT-related incidents with clearly defined requirements. Part of the regulation requires organisations to engage in threat intelligence sharing, to raise the level of knowledge and awareness of cyber threats on an industry scale.

Knowledge is power

Being aware of the latest industry threats, vulnerabilities and attack patterns is a powerful way to enhance the security posture of an organisation and proactively mitigate risks. To achieve this, companies should systematically collect, analyse and disseminate information about potential cybersecurity threats to help identify emerging trends and stay ahead of possible threats. This knowledge, when shared across organisations and industries, can go a long way in helping more companies be alert and prepared for potential cyber threats.

Within the financial services industry, threat intelligence is commonly only shared with direct partners and suppliers (59%) and within their organisations (48%), according to ThreatQuotient research. However, by sharing insights beyond the borders of the organisation to the broader industry, security teams within all these organisations are empowered to gain a tactical advantage and actively improve their cybersecurity practices based on information collected according to real-world attack methodologies.

Growing a community of information sharing

Nevertheless, it is encouraging that 59% of Financial Services organisations are sharing threat intelligence with partners and suppliers, because considerable cyber risk resides in the supply chain – especially where smaller suppliers may lack sophisticated security solutions and in-house expertise. DORA addresses this by specifying that third-party ICT risk must be managed as an integral component of the overall ICT risk management framework. Sharing threat intelligence with the wider supplier ecosystem should be considered best practice as part of this risk management approach.

Threat actors are sharing knowledge amongst themselves to enhance their skills with Cybercrime-as-a-Service (CaaS) providing a range of sophisticated tools and malicious services to a broad range of users through online marketplaces. Organisations must follow suit and band together with the sharing of threat intelligence across large and small organisations to collectively assess vulnerabilities and implement proactive measures to defend against rising threats. This collaboration is a cornerstone of effective cybersecurity which is further enhanced by integrating cybersecurity platforms to augment collaboration efforts.

Closing the skill gap with automated threat intelligence

There is no quick fix for the widening cybersecurity skills gap, but technology can be part of the solution in helping to ease the pressure on the teams that are combating cyber risks daily. With threat intelligence, security teams have valuable, real-world intelligence that can help them to be better prepared for attacks.

Further, by automating elements of the process of threat hunting, intelligence gathering and threat profiling, security teams can work smarter and not harder, as they gain insights to prioritise threats, detect attacks earlier and develop strategies to respond faster and more effectively. This proactive approach not only strengthens the cybersecurity posture of the organisation but – when intelligence is shared – also improves the posture of supply chains and the industry.

AI is the problem and the solution

While cybersecurity automation has achieved a degree of maturity in the financial sector, applying artificial intelligence to cybersecurity is still in relatively early stages across most industries. Again, the sector seems to be an early adopter, as evidenced by The Evolution of Cybersecurity Adoption report, which found that half of the financial services respondents are using AI across their cybersecurity operations, a figure that is considerably higher than other industries.

However, the widespread adoption of AI will also increase the threat landscape. Not only do technologies like ChatGPT create potential risks for organisations, but AI tools are also being used by threat actors to enhance their skills and increase their breach success rates.

Despite the risks, AI also brings with it immense potential in bolstering an organisation’s defence mechanisms, detecting threats and enabling faster incident response times. For example, Gen AI can help speed up threat intelligence gathering and reporting, so security teams can focus on more complex tasks.

As cyber threats become increasingly sophisticated, it is more important than ever that the financial services industry bands together to collaborate and establish a united front against potential cyber-attacks. This includes prioritising the adoption of cyber security automation to identify, analyse and prioritise threats in the industry to make better decisions and respond efficiently and effectively, thereby minimising the impact of a potential attack. Ultimately shared threat intelligence enables organisations in the financial services industry to put up a united front and safeguard the valuable assets that their customers entrust them with.