The scale and severity of cyber-attacks is rapidly increasing. Cyber-criminals are increasingly leveraging AI to compromise user credentials to access confidential systems and data. With vast amounts of lucrative data at stake, the financial services industry is a prime target for AI-driven cybercrime.
According to SailPoint research, nearly 50 percent of financial organisations surveyed have experienced a security breach in the past two years, making it essential to secure access across the entire ecosystem—including the wider supply chain—in 2025.
The EU’s new Digital Operational Resilience Act (DORA) is an important step in enhancing the financial sector’s cyber hygiene, aiming to increase operational resilience and bolster IT security across the sector. Under DORA, financial institutions that operate in the EU, and their third-party information and communication technology (ICT) providers, must adhere to new technical requirements aimed at helping organisations withstand and recover from cyber incidents.
With DORA now in effect, compliance will be critical for mitigating cyber threats. This starts by having well-defined policies in place for managing ICT risk, particularly those related to unauthorised access and outdated legacy systems.
The Complexity Conundrum
Cyber risks in financial services have become more complex as institutions and their supply chains grow. Whether through mergers and acquisitions or growth with partners, larger supply chains mean more users and identities operating within the chain, often unchecked.
The resulting influx of remote workers, temporary employees, partners, and contractors into systems means identities can easily fly under the radar, leading to security risks such as ‘overprovisioned’ access, where an identity holds more entitlements than its role requires. In fact, nearly 80 percent of financial organisations surveyed are concerned about vulnerabilities resulting from overprovisioning of non-employees. This lack of visibility can leave a large gap in security posture.
Not only is the proliferation of third-party identities a growing problem, but the challenge is heightened by a coinciding increase in the number of applications those users need access to and the range of entitlements that must be managed.
For already stretched IT teams—many still reliant on legacy tools and manual processes—this creates an overwhelming burden. Managing hundreds of users manually often results in loosely controlled access, poor oversight, and increased cyber risk. Without modern identity security solutions, keeping up with these demands becomes nearly impossible.
Managing Risk Across Large Financial Networks
Managing ICT risks associated with overprovisioned identities must be a top priority for organisations. However, 53 percent of surveyed financial organisations manage this data manually, making compliance a daunting task. Any lack of visibility can create significant security gaps, leaving businesses open to attack.
ICT teams must carefully control which identities in their supply chain have access—to what, when, and for how long. Access should be granted strictly on a need-to-know basis, with rigorous management of onboarding, offboarding, and the entire identity lifecycle in between. Enhancing visibility into these identities is crucial for mitigating risk.
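The three questions above (who has access, to what, and for how long) can be checked mechanically. The following is an added example, not SailPoint code and not part of the original article: a small Python access review over constructed third-party identity records. It flags identities whose engagement has ended but whose entitlements are still active, entitlements beyond the baseline for the identity's role, and dormant accounts. The role baseline, the identity records and the 90-day dormancy threshold are all assumptions made for the example.

```python
"""Least-privilege review of supply-chain identities (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set


@dataclass
class Identity:
    user_id: str
    identity_type: str            # "employee" | "contractor" | "partner"
    role: str
    engagement_end: Optional[date]  # None for open-ended (e.g. permanent staff)
    entitlements: Set[str]
    last_login: Optional[date]


# Assumed role baseline: the entitlements each role actually needs.
# Anything an identity holds beyond this set is overprovisioned.
ROLE_BASELINE: Dict[str, Set[str]] = {
    "payments-analyst": {"payments-portal:read", "reporting:read"},
    "ops-contractor": {"ticketing:write", "reporting:read"},
    "audit-partner": {"reporting:read"},
}


def review_identity(ident: Identity, today: date, stale_days: int = 90) -> List[str]:
    """Return a list of findings for one identity (empty list means clean)."""
    findings: List[str] = []

    # "For how long": engagement is over but access was never revoked.
    if ident.engagement_end and ident.engagement_end < today and ident.entitlements:
        findings.append("engagement ended but access still active")

    # "To what": entitlements outside the role baseline.
    extra = ident.entitlements - ROLE_BASELINE.get(ident.role, set())
    if extra:
        findings.append("overprovisioned: " + ", ".join(sorted(extra)))

    # Dormant accounts are a common sign of an identity nobody is tracking.
    if ident.last_login is None or (today - ident.last_login).days > stale_days:
        findings.append("dormant account")

    return findings


def run_review(identities: List[Identity], today: date) -> Dict[str, List[str]]:
    """Review every identity; keep only those with at least one finding."""
    report = {}
    for ident in identities:
        findings = review_identity(ident, today)
        if findings:
            report[ident.user_id] = findings
    return report


# Constructed sample identities for the review.
SAMPLE_IDENTITIES = [
    Identity("c-1042", "contractor", "ops-contractor", date(2025, 1, 31),
             {"ticketing:write", "reporting:read", "payments-portal:admin"},
             date(2025, 2, 28)),
    Identity("e-0007", "employee", "payments-analyst", None,
             {"payments-portal:read", "reporting:read"}, date(2025, 2, 20)),
    Identity("p-3301", "partner", "audit-partner", date(2025, 12, 31),
             {"reporting:read"}, date(2024, 10, 1)),
]

if __name__ == "__main__":
    for user, findings in run_review(SAMPLE_IDENTITIES, date(2025, 3, 1)).items():
        print(user, "->", "; ".join(findings))
```

Run against the constructed records, the review reports the contractor whose engagement ended a month ago and who still holds an admin entitlement outside the role baseline, and the partner account that has not logged in for 151 days; the employee with exactly the baseline entitlements produces no finding. In a real deployment the role baseline would come from the identity governance system and the records from the directory and HR feed.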
To reduce the manual pressures of this task, AI serves as a silent but effective partner. Technology such as AI-enabled identity security can automate these tasks and seamlessly manage access requirements in real time. This real-time oversight enables IT teams to keep on top of the surge in identities needing access to different applications, ensuring that each identity has only as much access as is required to perform its role.
Today, sophisticated AI-enabled identity security solutions are already impacting how organisations see, manage, control, and secure all variations of identity. This technology also helps to reduce the attack surface, enabling easy detection of suspicious and unusual behaviour well ahead of a breach occurring, easing the burden on IT teams and supporting compliance efforts.
A Comprehensive Picture
Despite robust preventative measures, security breaches are inevitable as bad actors continue to leverage new technologies like AI to their advantage. To comply with DORA, financial firms should standardise ICT-related incident management and reporting processes so that they can establish how an incident happened and which users were involved. In the event of a breach, detailed information must be collected and shared to identify attack patterns and enhance cyber resilience.
To support incident reporting, modern identity security systems can help provide a comprehensive picture of events. In recent years, there has been a rapid growth of identity threat detection and response (ITDR) solutions, which enrich the context of security incident analyses so organisations can better identify unusual patterns of behaviour, enabling more proactive and predictive capabilities.
ITDR solutions, combined with identity security solutions, provide a great deal of context in real time, helping organisations to identify threatening activity and what remediation is needed, all in a single source of truth. AI, combined with the power of unified identity data, is a clear path forward to help stay ahead of threats today.
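The enrichment step that ITDR adds to incident analysis, as an added example that is not part of the original article or any vendor's product: a Python script that parses constructed authentication log lines, joins each event with an assumed identity directory (status and entitled applications), and flags the patterns an incident reporter would want called out. The log format, the directory contents and the failure threshold are assumptions made for the example.

```python
"""ITDR-style enrichment of authentication events with identity context (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Assumed identity directory: the "single source of truth" the events are joined against.
IDENTITY_DIRECTORY: Dict[str, dict] = {
    "c-1042": {"type": "contractor", "status": "terminated", "apps": {"ticketing"}},
    "e-0007": {"type": "employee", "status": "active", "apps": {"payments-portal", "reporting"}},
    "p-3301": {"type": "partner", "status": "active", "apps": {"reporting"}},
}

# Constructed log lines in an assumed key=value format.
LOG_LINES = [
    "2025-03-01T02:14:07Z auth user=c-1042 app=ticketing result=success src=203.0.113.7",
    "2025-03-01T02:15:30Z auth user=c-1042 app=payments-portal result=success src=203.0.113.7",
    "2025-03-01T09:02:11Z auth user=e-0007 app=payments-portal result=success src=198.51.100.4",
    "2025-03-01T09:05:45Z auth user=p-3301 app=payments-portal result=failure src=192.0.2.9",
    "2025-03-01T09:06:02Z auth user=p-3301 app=payments-portal result=failure src=192.0.2.9",
    "2025-03-01T09:06:20Z auth user=p-3301 app=payments-portal result=failure src=192.0.2.9",
    "2025-03-01T09:07:00Z auth user=x-9999 app=reporting result=success src=192.0.2.9",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) app=(?P<app>\S+) "
    r"result=(?P<result>\S+) src=(?P<src>\S+)$"
)

Finding = Tuple[datetime, str, str]  # (timestamp, user, reason)


def parse(line: str) -> dict:
    """Parse one log line into a dict; raise on lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def enrich(event: dict, directory: Dict[str, dict]) -> dict:
    """Attach the directory record for the user (None if the identity is unknown)."""
    return {**event, "identity": directory.get(event["user"])}


def detect(lines: List[str], directory: Optional[Dict[str, dict]] = None,
           failure_threshold: int = 3) -> List[Finding]:
    """Apply identity-context rules to each event and return the findings."""
    directory = IDENTITY_DIRECTORY if directory is None else directory
    findings: List[Finding] = []
    failures: Dict[Tuple[str, str], int] = defaultdict(int)

    for line in lines:
        ev = enrich(parse(line), directory)
        ident = ev["identity"]
        if ident is None:
            # An identity with no directory record is itself a governance gap.
            findings.append((ev["ts"], ev["user"], "unknown identity: not in directory"))
            continue
        if ident["status"] != "active":
            # Offboarding failure: a terminated identity should never authenticate.
            findings.append((ev["ts"], ev["user"], f"{ident['status']} identity authenticated"))
        if ev["app"] not in ident["apps"]:
            # Success or failure, an attempt outside entitlements is worth recording.
            findings.append((ev["ts"], ev["user"], f"access outside entitlements: {ev['app']}"))
        if ev["result"] == "failure":
            key = (ev["user"], ev["app"])
            failures[key] += 1
            if failures[key] == failure_threshold:
                findings.append((ev["ts"], ev["user"], "repeated authentication failures"))
    return findings


def summarise(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group findings per identity, the shape an incident report would start from."""
    report: Dict[str, List[str]] = defaultdict(list)
    for _, user, reason in findings:
        report[user].append(reason)
    return dict(report)


if __name__ == "__main__":
    for user, reasons in summarise(detect(LOG_LINES)).items():
        print(user, "->", "; ".join(reasons))
```

On the constructed lines the script reports the terminated contractor still authenticating (and reaching an application outside its entitlements), the partner repeatedly failing against an application it was never entitled to, and a user id with no directory record at all; the employee's in-entitlement login produces nothing. The same join against identity context is what turns a raw log line into a reportable event with the "who, to what, and should they" answered.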
Securing the Financial Landscape in 2025 and Beyond
Compliance with DORA will be a critical benchmark for the financial services industry when it comes to safeguarding and securing operations over the next year. Yet due to the sector’s reliance on outdated tools and manual processes, being fully compliant may be a significant challenge for many.
To ease the complexity of compliance, a proactive, AI-backed approach to identity security will be key in increasing visibility and governance over ICT risk. Strengthening oversight of users, identities, and access requirements within complex financial supply chains will be essential to closing security gaps and enabling a resilient future.
Written by
Mo Joueid
Identity security consultant
SailPoint