Financial sector risks data leaks as employees use personal apps and AI

Phishing, malware on the rise

A growing number of employees in the financial services sector are exposing sensitive data to security risks by using personal applications and generative AI (genAI) tools at work, according to a new report from Netskope Threat Labs.

The report found that 13% of employees in the sector upload sensitive work data to personal apps, with 74% of policy violations involving regulated personal and financial information and 11% concerning intellectual property. Among the most frequently used platforms for these uploads were LinkedIn, Facebook, and Google Drive, while ChatGPT ranked eighth.

Ray Canzanese, director of Threat Labs at Netskope, said the sensitive nature of the financial industry’s data makes it a prime target for cyber threats.

"Phishing and malware have become very prevalent, with nearly 1.5% of users encountering a phishing page or malware download every month. This high rate of attacks underscores the importance of robust anti-phishing and anti-malware strategies within the industry," Canzanese said.

Generative AI tools have also become a growing concern. The report found that 95% of financial services firms use genAI applications, with ChatGPT remaining the most popular. However, newer tools like Microsoft Copilot, Google Gemini, Anthropic Claude, Quillbot, and Gamma have seen increased adoption. Data policy violations related to genAI apps involved intellectual property (35%), regulated data (31%), and source code (30%).

Despite the risks, firms are taking action, with 90% blocking at least one genAI app and adopting data loss prevention (DLP) controls and real-time user coaching.

"Personal app and generative AI risks are top of mind for financial services organisations seeking to protect the sensitive personal and financial information they manage. As genAI adoption continues to increase, organisations are still playing catch-up, implementing new controls like data loss prevention (DLP) and real-time user coaching to reduce risks," Canzanese said.

Nearly 1.5 out of every 100 employees in the sector click on phishing links or attempt to download malware each month, with 9.8 out of 1,000 tricked into downloading malware and 4.7 out of 1,000 accessing phishing sites. Attackers frequently mimic cloud service providers and banking institutions, with Microsoft being the most commonly impersonated brand.

Another notable tactic gaining traction is search engine optimisation (SEO) poisoning, where cybercriminals manipulate search rankings to direct financial sector employees to phishing websites. This method increases the likelihood of malware downloads, further compromising sensitive information.
