Published by Jessica Weisman-Pitts
Posted on February 27, 2024
4 min readLast updated: January 30, 2026
By Tim Freestone, Chief Strategy and Marketing Officer, Kiteworks
For some time, the financial services industry has been at the forefront of a sophisticated and evolving digital landscape. It has witnessed rapid and transformative technological advancements that have delivered new services to customers and driven a myriad of operational efficiencies. However, the movement of more and more confidential data into the digital space and it being regularly exchanged with first and third parties has not gone unnoticed by those with unscrupulous intent. This had made the financial industry to continue to be a top target for cybercriminals. In fact, according to CrowdStrike’s 2023 Global Threat Report, the financial sector is now the second most frequently targeted vertical after the technology vertical. Among the data that is being targeted, Verizon’s 2023 Data Breach Investigations Report (DBIR) found that personally identifiable information (PII) is the top target of bad actors – making up almost three quarters (74%) of attacks. It has got so bad that 96% of financial services organisations tell us that they have experienced four or more exploits of sensitive content communications in the past year alone.
Too many disaggregated tools for sensitive content communications
Our Sensitive Content Communications Privacy and Compliance Report last year revealed that financial services firms today struggle to manage file and email data communication risks. Both within their organisations and with third parties. One of the reasons is the large number of systems that financial organisations use to send and share private data today. So much so that nearly seven in ten financial institutions have six or more sensitive content communication systems in place. No wonder they are struggling to secure them.
Ranking third-party content communications risk
Those systems are not just being used to send data internally either. In fact, financial organisations rank among the highest of any industry when it comes to the sheer number of different systems used to send and share content communications outside of the organisation with third parties. Six in ten (60%) use six systems or more. Surprisingly, in terms of ranking, web forms are at the top of the list, with a quarter (25%) of respondents giving them a number one ranking. When ranks one and two are factored together, email caught up with web forms, with 41% giving each a number one and two ranking. One of the ways email poses such a risk relates to challenges with its encryption. Specifically, when recipients cannot decrypt an email due to it being encrypted in a format not supported by their organisation. Out of the other applications thought to present the biggest risk, application programming interfaces (APIs) came in second, with 30% of respondents ranking them at number one and two.
Somewhat surprisingly, governance plays an important causation role here. Less than a third (31%) only track and control access to sensitive content folders for certain content types. While only another 37% only do so for certain departments.
Whilst it is true that risk management of third-party content communications is seen as a problem across industry sectors, financial services is one at the top of the list. Because of this, a new approach is required or at the very least the current approach requires significant improvement.
Better digital risk management is required
The current lack of robust digital rights management (DRM) is undoubtably a big part of the problem. Having said that, weaknesses across different financial service organisations are not the same. Whilst two in five (43%) of respondents said they have administrative policies in place for tracking and controlling content collaboration and sharing on-premises but not in the cloud. At the same time, one in five (21%) said the opposite. Namely, that they have tracking and controls in place for the cloud but not on-premises. Worryingly, only slightly more than a third indicate they have digital risk management capabilities in place for both the cloud and on-premises.
A potential game changer
A change is needed. A Private Content Network could be the answer. A Private Content Network employs a content-defined zero-trust approach that would enable financial services organisations to unify, track, control, and secure all their sensitive content communications into one single platform. This would allow financial services organisations to track and control access to files and folders, who can edit and share them, and to whom and where they can be shared. This could be a game changer as doing so would enable financial firms to ensure private personally identifiable information, intellectual property, client financial records, insurance claims, and more would remain private and in compliance with increasingly stringent global regulations.
Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks. It involves implementing measures to safeguard sensitive data from unauthorized access and cyber threats.
Compliance in financial services involves adhering to laws, regulations, and guidelines set by governing bodies to ensure ethical operations and protect consumer interests.
Data protection refers to the practices and processes that safeguard personal and sensitive information from unauthorized access, use, or disclosure, ensuring privacy and compliance with regulations.
Risk management is the process of identifying, assessing, and mitigating risks that could negatively impact an organization. It involves strategies to minimize potential losses.
Sensitive content communication refers to the exchange of confidential information, such as personal data or financial records, that requires special handling and protection to prevent unauthorized access.
Explore more articles in the Finance category
