Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Finance > Why the financial sector must use security orchestration & automation to keep up with cyber threats

Why the financial sector must use security orchestration & automation to keep up with cyber threats

Published by Gbaf News

Posted on May 15, 2020

5 min read

Last updated: January 21, 2026

Cybersecurity challenges in banking with digital transformation - Global Banking & Finance Review — An illustration highlighting cybersecurity risks faced by banks amid digital transformation. This image reflects the pressing challenges that financial institutions encounter in safeguarding user data.

By Faiz Shuja, Co-Founder & CEO at SIRP

As an industry built on the flow of money, the financial sector has always been in the sights of criminals looking for a big pay day. Criminal activity has historically ranged from complex fraud schemes to more direct attempts at robbery, but in the digital era these threats have largely been superseded by cyber crime.

Outsiders and criminal gangs are constantly evolving their attack techniques. Meanwhile, unscrupulous employees may be tempted to abuse their access privileges to carry out an untraceable inside job. As a result, both the volume and sophistication of attacks has steadily increased in recent years.

Official figures from the FCA reported last year found that cyber incident reports from the UK finance sector jumped an astonishing 1,000 percent in 2018. Research has also found that roughly 70 percent of UK finance companies suffered some form of security incident in the last 12 months.

Alongside the growing capabilities of threat actors, the financial sector has also undergone dramatic changes in recent years. If anything, this has made it an even more attractive target. The race is on to transition fully to online services accessed via mobile and other Internet-enabled platforms. Young digital native challengers such as Monzo have moved quickly to eat up sizeable chunks of the market. Caught by surprise, traditional bricks and mortar institutions are playing catch up. Intense effort is being spent digitising their services and bringing them to market as quickly as possible.

While customers may now enjoy a wide range of high-quality digital offerings, it also means financial services companies have an increased attack surface for cyber criminals to penetrate.

A wide array of threats

Faiz Shuja

Faiz Shuja

The financial sector is surrounded by cyber threats in all directions. On one side are APTs (advanced persistent threats) that make use of sophisticated tools and techniques to infiltrate bank networks to extract customer credentials or steal money from their bank accounts. Such attacks are usually the work of organised criminal gangs, or even by state-sponsored threat actors.

Attackers also have bank customers themselves in their sights. A common technique is to target customers with phishing emails that impersonate their bank or building society to trick them into sharing login credentials or financial information.

Separately, firms must also deal with malicious insiders abusing their privileged positions to access sensitive data. Insider trading is one example of this.

Keeping pace with security automation

Long accustomed as the centre of criminal attention, the financial sector is arguably the most mature and developed industry for security and privacy policies. In the cyber world, however, threats evolve at frightening pace. Banks and other financial institutions have little choice but to adapt fast to keep up.

Financial institutions have invested heavily in security solutions such as SIEM (security information and event management), EDR (endpoint detection and response), and next-generation firewalls to identify attacks and perform behavioural analytics to detect unusual behaviour patterns signifying both external intruders and malicious insiders.

Detecting threats is only half the battle, however. With security analysts battling through a huge caseload of threat alerts, it can take an hour or more for every new threat to be assessed responded to. This delay gives attackers ample time to complete their attack. In some cases, the sheer quantity of incoming threats may mean an alert is overlooked entirely.

The key to keeping up with the punishing pace of cyber threats is to automate as much of the workload as possible. Automating time consuming manual tasks reduces cyber security analysts’ workload allowing them to concentrate on investigating and responding to the most serious threats. It also reduces the risk of alerts being missed.

Orchestrating cyber defences

While automation is essential for defending against modern cyber threats, the truth is that implementing it is a time-consuming process. There is no magic wand to simply automate everything – each process must be thoroughly assessed and understood.

This means organisations should focus their automation efforts on the areas that are generating the largest workload. Phishing and web-based attack analytics, for example, both generate significant incident volumes requiring investigation. Automation of these processes would have an immediate impact, freeing up a great deal of time. Many low level threats and false positives could be resolved without any need for human intervention.

For best results, automation strategies should be combined with a risk-based approach tailored to the organisation’s unique circumstances. Factors such as size, structure, objectives and attitude to risk can vary dramatically the threats on a business and its optimal response. Deploying a SOAR (Security Orchestration, Automation and Response) solution is an effective way to manage threat detection and response as well as longer-term strategic management and prioritisation of different risks.

Threat alerts from SIEM (Security Information and Event Management) can be displayed in a single dashboard, enabling security analysts to quickly and reliably identify the most pressing threats and prioritise accordingly. At the same time, this data can be used to prioritise how automation and other defensive measures are rolled out across the company.

As one of the primary targets for cyber criminal activity, the financial sector will always be among the first to face the latest developments in attack tools and techniques. With the judicious application of automation, however, firms give their security teams the tools and the time to detect and deal with the influx of threats. At the same time a risk-based SOAR approach orchestrates defences to help them keep up with the rapidly changing threat landscape.