Financial services firms are significantly overestimating their readiness to secure AI, according to new research from digital transformation company ANS.
Last month the UK Treasury Committee warned that the financial services sector’s approach to managing AI risks is dangerous, and more needs to be done. This comes at the same time as new data which shows that only 36% of financial IT leaders prioritise security during AI implementation.
The survey of more than 2,000 senior IT decision-makers reveals a growing disconnect between confidence and action when it comes to security for AI. While 83% of financial services organisations believe they have invested sufficiently to support safe AI adoption, far fewer are taking the practical steps required to protect AI systems in reality.
Less than half of finance-based respondents (47%) said security is embedded proactively into their AI projects, and only 36% consider it a priority during implementation. This suggests that, for many organisations in the sector, AI security remains reactive, addressed only once systems are deployed or risks begin to surface.
The findings come despite sustained levels of cybersecurity spending. According to the research, 35% of financial services organisations allocate between 11% and 30% of their total IT budgets to security. However, this investment is rarely directed towards the specific risks introduced by AI.
Only 34% of IT decision-makers within the financial services sector say they plan to invest in security for AI model and algorithm training over the next three years, capabilities that are critical to preventing threats such as model poisoning, data leakage and manipulation of AI outputs.
Employee training, long considered a frontline defence against cyber threats, is also being deprioritised. Just 34% of those surveyed from the sector said they plan to invest in upskilling staff on the secure and responsible use of AI, despite employees often being the most targeted entry point for attackers.
Kyle Hill, chief technology officer at ANS, said: “AI is transforming how the financial services sector operates, but it also introduces entirely new attack surfaces and vulnerabilities. Many businesses assume their existing cybersecurity measures automatically extend to AI, but that simply isn’t the case.
“This overconfidence is creating a false sense of security. Without targeted investment in areas like model security, governance frameworks and employee training, organisations risk leaving their AI systems exposed to misuse, manipulation and emerging threats.
“Security can’t be treated as a bolt-on or a compliance exercise. It has to be the foundation of responsible AI adoption. Financial services organisations that take a proactive, risk-led approach will be far better positioned to unlock the value of AI safely and confidently.”
