Cyber Resiliency in The Age Of AI: Securing the Digital Perimeter

In the fast-moving age of artificial intelligence (AI), cybersecurity is more important than ever before.

By Tyler Derr, Chief Technology Officer (CTO), Broadridge

In the fast-moving age of artificial intelligence (AI), cybersecurity is more important than ever before. New technologies — especially generative AI (GenAI) — are multiplying the attack surface and accelerating fraud. Today’s tech-savvy consumers are well aware of this growing threat to their data, and expect to be protected against it.

Research from Boston Consulting Group has revealed that cybercriminals are 300 times more likely to target financial services firms than any other industry. It’s crucial that business leaders in this sector properly address future risks while mitigating them in the present.

AI: Cause and effect

AI is rapidly changing the cyber landscape, making bad actors even more sophisticated, and making it easier for people to become bad actors in the first place.

We know from our own coding practices when we’ve used AI internally that these tools make already exceptional developers even better.

Unfortunately, the same is true for threat actors. Fraudsters are now able to use GenAI tools to rapidly modify their attacks to help them breach even the most robust cyber defenses.

The good news is that AI can also be harnessed to combat these new threat factors.

Broadridge’s 2024 Digital Transformation & Next-Gen Technology Study shows that financial firms are set to boost their investments in cybersecurity by nearly a third (28%) in the next two years. Companies must explore how they can better use the latest AI developments to prevent incidents, and how they can correlate attacks in order to share usable insights across the industry to fight fraud.

Building resiliency at the business level

AI is only part of a much wider story.

Many financial firms are relying heavily on their tech providers for cybersecurity, but they really need to be upskilling their teams at the same time. This could include frequent training sessions covering the pressing topics, such as how to identify and block AI-led phishing attacks, and how to protect personally identifiable information (PII) more effectively.

You shouldn’t just be training your cyber department: any role that touches tech is now responsible for cybersecurity. Widespread training can ensure prevention at the point of arrival. This may mean creating a mindset shift for many firms, something that will require a concerted effort.

Even with best-in-class tech solutions and comprehensive training in place, firms still need to plan for what to do if a cyberattack breaks through.

Cybersecurity measures should never be an afterthought, they should be plotted out at the start of all technology projects. Building cyber into your software development lifecycle is another important aspect of building resiliency, which can be supported by enrolling everyone in your cyber defense program.

It’s also important to have a proper handle on your partners and any third parties you work with. Make sure you do your due diligence and find out what vendors do to protect themselves. Remember, if they get hit, you will too — and it can irrevocably damage your brand.

Making the case for better data hygiene

True cyber resilience can only be achieved if firms are managing data properly.

Make sure that with any new data, you’re only storing what’s required from a business perspective. This is the first line of defense, and can help to eliminate unnecessary risk. If there is a leak, and it’s related to data you didn’t need to store in the first place, the public’s perception of the incident will be much worse — as will the regulatory blowback.

Financial firms are of course subject to various disclosure requirements, which are constantly evolving. It’s important to be aware of the material non-public information you must disclose. By fully understand the breadth and depth of requirements you can avoid over- or under-disclosure. Again, this can be linked back to only storing data that has a defined business intent.

Prioritizing data privacy certainly pays off for firms. Broadridge’s 2024 CX & Communications Consumer Insights report highlighted that consumers are happy to share their data to fuel enhanced customer experiences (CX), but they do expect firms to communicate more clearly about how their data is being used.

Eight in ten (82%) of those surveyed want companies to be more transparent about their plans for user data. Ensuring your company is committed to data security, and being transparent about relevant practices, will also help ease any hesitation from the consumer regarding the inclusion of AI tools.

As frontier technologies such as GenAI disrupt businesses and cyber threats continue to escalate, it’s imperative for financial firms to invest in new cybersecurity solutions that are fit for purpose. This investment will mean little if it isn’t properly aligned with investment in your own people. By instilling a wider culture of cyber resiliency, you can help your business to navigate this new battlefield.

About the Author

As the Broadridge’s Chief Technology Officer (CTO) Tyler Derr is responsible for overseeing Broadridge’s global technology teams including software engineering, product delivery, architecture, infrastructure, cybersecurity, and technology operations. He has been at Broadridge for 10 years, firstly as CTO of Broadridge’s global technology and operations (GTO) business, and later as chief administrative officer for the same department. Prior to joining Broadridge, Derr worked at OppenheimerFunds. He has also served as the CTO for the global tax business of H&R Block.

The company website is https://www.broadridge.com/