Finance organizations find themselves uniquely susceptible to insider threats because federal and state laws typically require them to retain data for 10 to 15 years.
In that time, they can lose track of vast, unstructured and aging data stores.
Further complicating matters is the fact that human error is the third most concerning threat actor behind hacktivists and nation-state actors in 2025, according to Thales’ “Data Threat Report.” The result is an invitation for an employee with poor cyber hygiene to expose a finance organization’s forgotten data.
“It’s really a blind spot for organizations right now, because as an employee, I’m trying to do my job, and I might be sharing information with other employees,” says Todd Moore, global vice president of data security at Thales. “But I’m using the cloud or cloud storage to do that, and I’m sending an email with a file attached.”
Click the banner below to start implementing smarter security.
Adopting Continuous Monitoring in Advance of Agentic Attacks
Thales found cloud storage, Software as a Service applications and cloud management infrastructure to be the biggest targets of cyberattacks after an organizational insider has been exploited, because adversaries ultimately want data.
Finance organizations’ files, chat logs, videos and even data generated by social media apps often resides on-premises or across various private clouds. Rather than ignoring that data, finance organizations should identify what’s critical and protect it with tokenization and encryption, as well as continuous monitoring tools.
“Those are the tools that I think we’re going to see a lot more organizations put in place,” Moore says. “You need visibility before you can start really protecting your data.”
That’s because artificial intelligence can boost the speed at which bad actors exploit poor cyber hygiene practices, such as weak or recycled passwords.
The adoption of agentic AI at finance organizations threatens to expand the impact of these attacks because an agent takes on a user’s profile, access and policies as it begins to perform tasks on their behalf.
Now imagine that user has access to unstructured data they’ve forgotten about, and the agent is compromised by a bad actor. AI agents could be manipulated into finding sensitive financial information much faster.
“Agentic AI is going to expose vulnerabilities quicker than ever,” Moore says.
Continuous monitoring will help finance organizations track what data AI agents are accessing, so analysts can ask why the agents are accessing that information and whether they should be.
Click the banner below to sign up for the BizTech newsletter for weekly updates.
Steps Finance Organizations Can Take To Improve Cyber Hygiene
Quantifying just how common insider threats are at finance organizations is a tall order, but Thales knows they’re happening.
Finance organizations should educate their employees on using strong, original passwords and multifactor authentication whenever possible.
“We do have to train everyone up to a certain level so that we don’t get exploited even faster whenever AI is available,” Moore says.
Additionally, finance organizations should make sure that data is promptly deleted after its required retention period has passed.
“My data, if it’s in the bank, I’d like to see that go away after that holding time is over so that it can’t be impacted by a future breach,” Moore says. “It’s really managing that full lifecycle and deleting it if it’s no longer needed.”
UP NEXT: How secure are modern collaboration platforms?
