Financial services firms need formal ransomware response plans, and they need to test those plans regularly now that artificial intelligence is changing the threat landscape more frequently.
While organizations in heavily regulated sectors such as finance, healthcare and government tend to implement better guardrails against the three biggest cyberthreats — malware, phishing and ransomware — those with response plans often don’t update them.
Thales found 72% of the 3,163 security and IT management professionals it surveyed lacked a formal response plan to ransomware at their organization, according to its 2025 Data Threat Report. While financial services are more likely to have invested in fraud detection tools to catch and remediate false ledger entries, given the high volume of transactions they facilitate, unstructured data integrity and trustworthiness are harder to secure.
“It's almost like boards are printing money to get AI into use, without really thinking about what it means,” says Todd Moore, global vice president of data security at Thales. “Organizations are having a hard time keeping up with classifying the data, finding out what's important to them and then actually protecting it.”
Financial Services’ Unstructured Data Problem
About 90% of new unstructured data — think emails, video files and chat logs — is generated by AI, which financial services firms have devoted large portions of their budgets to deploying without necessarily securing it, Moore says. In many ways, this mirrors their race to the public cloud 15 years ago.
The good news is about half of security and IT professionals feel their data is secure today, compared with 20% a few years ago, but they still have a long way to go, he says.
There are five or six popular classification code tools (which find unstructured data and classify it) on the market today, but they lack strong interoperability. With few industry standards, vendors are taking different approaches. Naturally, this complicates security for financial services.
“I think the sense of urgency is there,” Moore says. “It just takes time, energy, and, unfortunately, nobody has all the time in the world for all the attacks that are coming at them. Nothing is slowing down on the malicious side.”
Financial services should invest in access management for employees and AI, especially as AI agents are granted valid identities within organizations. These identities can be stolen in ransomware attacks.
Monitoring systems for anomalous behaviors — which users are accessing data, when and how — is also a must for financial services. In keeping with a zero-trust security approach, continuous monitoring should be layered atop access controls because backups and restores don’t always remediate AI-enabled attacks.
“Ransomware attacks happen quickly,” Moore says. “So those continuous monitoring systems need to work as close to real time as possible.”