close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      Netskope
                                      Threat Labs Report: Financial Services 2025

                                      The Netskope Threat Labs Report series aims to provide strategic, actionable intelligence on active threats. This report focuses on the financial services sector.
                                      Netskope Threat Labs Report
                                      13 min read

                                      Introduction link link

                                      Due to the sensitive personal and financial information they manage, financial services organizations are frequently targeted by adversaries. The potential for financial gain, data theft, and organizational damage makes data security a paramount concern in this sector. This report highlights the most significant cybersecurity risks that financial services organizations encounter, particularly:

                                      • Personal App Risk – Users uploading regulated data to personal cloud apps is a top data security risk for financial services organizations, with 13% of the user population uploading data to personal apps and 83% of organizations putting controls in place to prevent such uploads.
                                      • Generative AI Risk – A growing data security risk in financial services is users sending regulated data, intellectual property, and source code to genAI apps, with 95% of organizations currently using these apps and implementing the controls to reduce the risks.
                                      • Social Engineering Risk – Phishing and malware continue to be significant risks in the financial services sector, with 4.7 out of every 1,000 users clicking phishing links and 9.8 out of every 1,000 users clicking other malicious links each month.

                                       

                                      test answer

                                      Personal App Risk link link

                                      Personal apps in the financial services sector pose a substantial data security risk. 92% of financial services workers regularly use personal apps, and 13% upload sensitive data to these apps. Underscoring the severity of this issue, 74% of personal app data policy violations involve uploads of regulated personal and financial data.

                                      Netskope Threat Labs Report - Financial Services 2025 - Data policy violations for personal apps in the financial services sector

                                      The personal apps to which people regularly upload, post, or otherwise send data include social media, cloud storage, webmail, and generative AI apps. The figure below shows the top apps sorted by the percentage of organizations using them for upstream activities.

                                      Netskope Threat Labs Report - Financial Services 2025 - Top apps for upstream activities to personal apps in the financial services sector

                                      While 13% of workers uploading data to personal apps is below the global average of 26%, the nature of the data involved (highly sensitive personal and financial information) underscores the importance of putting controls in place to reduce the data security risks involved with personal apps, including:

                                      Upstream Blocks – 83%
                                      83% of financial services organizations have controls to actively block their users from uploading data to personal apps. This figure includes controls that disallow uploading any data to certain personal apps or accounts (for example, Microsoft OneDrive uploads are allowed to the shared M365 instance but not to personal accounts). It also includes more nuanced controls integrating other technologies, such as data loss prevention (DLP) and real-time user coaching.

                                      Data Loss Prevention (DLP) – 70%
                                      DLP has long been popular for reducing personal app risk in the financial services sector, where it is used by 70% of organizations, ahead of the global average of 66%.

                                      Real-time User Coaching – 40%
                                      Real-time user coaching has long been used by 40% of financial services organizations to mitigate personal app risk. It helps users, who typically understand the data and business content, make informed data security decisions in the moment. For example, a user can decide whether or not to upload data to a personal app. In 75% of cases, real-time user coaching leads users to abandon the attempted action. This demonstrates significant risk reduction, while also recognizing the value of considering data and business context, as 25% of activities that stricter controls might have prevented were allowed to proceed.

                                       

                                      Generative AI Risk link link

                                      Generative AI apps continue to grow in popularity in the financial services sector, where 95% of organizations now use genAI, and organizations use an average of 10 different genAI apps. The number of users actively using genAI apps also continues to climb, with an average of 6% of people regularly using the apps. However, this average masks a much more aggressive adoption in some organizations. Whereas the top 25% of financial services organizations only used eight or more apps in 2024, they now use 19 or more, as shown in the figure below.

                                      Netskope Threat Labs Report - Financial Services 2025 - GenAI users per month median percentage with shaded area showing 1st and 3rd quartiles in the financial services sector

                                      While ChatGPT has remained the most popular genAI app over the past year, its popularity has remained unchanged since October 2024, suggesting its adoption may have plateaued. Meanwhile, Microsoft Copilot experienced rapid growth throughout the year, which also appears to have leveled off. Other general-purpose genAI apps, such as Google Gemini and Anthropic Claude, gained significant traction, as did more specialized applications like the writing assistant Quillbot and the presentation assistant Gamma. Microsoft 365 Copilot adoption also began to take off at the end of 2024 and is poised to continue throughout 2025 at a similar pace to that of Microsoft Copilot in 2024. These trends in financial services mirror broader patterns of genAI adoption. The following figure shows the top 10 genAI apps’ adoption trends in financial services over the past year.

                                      Netskope Threat Labs Report - Financial Services 2025 - Most popular apps by percentage of organizations in the financial services sector

                                      Financial services organizations are still in the process of putting controls in place to reduce the risks associated with genAI apps while their use continues to increase. 90% of organizations actively block at least one genAI app, and the number of apps blocked per organization continues to grow. The following figure shows the average continuing to climb, while the third quartile now exceeds 30 apps.

                                      Netskope Threat Labs Report - Financial Services 2025 - Number of apps blocked per org median with shaded area showing 1st and 3rd quartiles in the financial services sector

                                      More nuanced strategies–e.g., DLP and real-time user coaching–are still growing in popularity as genAI risk reduction controls. Over the past year, the percentage of organizations employing real-time user coaching to mitigate genAI risk rose from 26% to 35%. The percentage of organizations using DLP increased from 35% to 52%. The following plot shows that DLP for genAI adoption is on the rise but still lags behind DLP for personal app adoption (70%).

                                      Netskope Threat Labs Report - Financial Services 2025 - Percentage of organizations using DLP to control genAI app access in the financial services sector

                                      Data policy violations for genAI apps also have a different makeup than those for personal apps. Whereas personal apps were dominated by regulated financial and personal data, violations for genAI apps are a roughly equal blend of intellectual property, source code, and regulated data, suggesting that both the usage of these apps and the data security concerns are broader.

                                      Netskope Threat Labs Report - Financial Services 2025 - Types of data policy violations for genAI apps in the financial services sector

                                       

                                      Social Engineering Risk link link

                                      Social engineering is a popular tactic many attackers use, from sophisticated geopolitical and criminal groups to low-level ransomware affiliates and cybercrime gangs. These attackers employ various tactics such as phishing, pretexting, malware, and deepfakes to manipulate individuals within target organizations. Social engineering is successful when attackers gain trust, instill fear, or manipulate victims into compromising security.

                                      Among financial services, one of the most common social engineering tactics is tricking victims into downloading and executing malware. 9.8 out of every 1,000 users are tricked into downloading malware every month. The following is a list of the five most common malware families encountered in the past year, highlighting multiple JavaScript downloaders used to deliver malicious payloads, traffic direction systems used to redirect victims to malicious sites, and the popular Cobalt Strike beacon used to control compromised systems.

                                      Downloader.Nemucod is a JavaScript downloader that has previously delivered Teslacrypt.

                                      Trojan.FakeUpdater (a.k.a. SocGholish) is a JavaScript downloader that delivers various payloads, including NetSupport RAT, RedLine Stealer, and Cobeacon.

                                      Downloader.SLoad (a.k.a Starslord) is a downloader often used to deliver Ramnit.

                                      Trojan.Parrottds is a JavaScript-based traffic direction system that has been infecting websites since 2019 and has been used to redirect traffic to various malicious locations.

                                      Backdoor.Cobeacon is a malicious agent created using the Cobalt Strike red-team operation software to maintain control of a compromised system.

                                      One of the social engineering techniques attackers use to deliver malware is to host the malware on popular cloud services. Of the 9.8 out of every 1,000 users downloading malware from cloud apps each month, 1.7 download the malware from popular cloud apps. The top apps by the percentage of organizations with malware downloads include the most popular cloud storage apps and the popular code-sharing platform GitHub, where various hacktools are hosted.

                                      Netskope Threat Labs Report - Financial Services 2025 - Top apps for malware downloads in the financial services sector

                                      Phishing is the second most common social engineering technique, with 4.7 out of every 1,000 users in financial services visiting a phishing site every month. Whereas Netskope tracked a global increase in phishing over the past year, phishing rates in the financial services industry remained relatively stable as the rates in other industries have caught up. As shown in the figure below, nearly half of phishing attacks mimicked cloud apps and banking institutions.

                                      Netskope Threat Labs Report - Financial Services 2025 - Top phishing targets by links clicked in the financial services sector

                                      Microsoft was the most commonly mimicked brand among cloud phishing attacks, while DocuSign and Adobe baits were also frequently used to steal login credentials for various other services.

                                      Netskope Threat Labs Report - Financial Services 2025 - Top cloud phishing targets by links clicked in the financial services sector

                                      Analysis of the referrers of the phishing pages visited by victims in financial services highlights a noteworthy trend: search engine optimization (SEO) poisoning remains a popular tactic to get phishing pages listed in search engine results where victims may have their guard down. After search engines, the remaining traffic to phishing pages comes from various sources.

                                      Netskope Threat Labs Report - Financial Services 2025 - Top web and cloud categories referring phishing pages in the financial services sector

                                       

                                      Individual Sector Highlights link link

                                      This section provides breakouts for the three individual sectors that compose financial services: banking, finance, and insurance.

                                      Banking

                                      Personal App Risk
                                      Personal app use is lowest in banking, where only 8% of users regularly send data to personal apps. Nonetheless, DLP is still a popular control to limit personal app risk, used by 70% of organizations, while coaching is used by 42%.

                                      Generative AI Risk
                                      Generative AI use is also lowest in the banking sector, where 8% of organizations have no genAI use, only 5% of the user population regularly use genAI apps, and organizations use eight apps on average. DLP (58%) and coaching (34%) are popular strategies for reducing genAI risk despite the lower adoption rate.

                                      Social Engineering Risk
                                      While social engineering is still prevalent in banking, users getting tricked into downloading malware (8.2 out of 1,000) and visiting phishing sites (4.3 out of 1,000) are lower than in finance and insurance.

                                      Finance

                                      Personal App Risk
                                      Personal app use is highest in finance, where 20% of users regularly send data to personal apps. Organizations in finance use DLP (75%) and real-time user coaching (35%) to mitigate the risk that comes along with this widespread personal app use.

                                      Generative AI Risk
                                      Generative AI use is also highest in finance, where 99% of organizations and 7% of users regularly use genAI apps, and each organization uses an average of 11 different apps. In response to the higher usage, finance organizations have also been more aggressive in adopting controls to mitigate the risks of genAI apps, with 61% using DLP and 35% using real-time user coaching.

                                      Social Engineering Risk
                                      Finance organizations see the most frequent social engineering risk, with 12.5 out of every 1,000 users downloading malware and 5.8 out of every 1,000 users visiting a phishing site monthly. These higher rates underscore the importance of using multi-layered threat protection capabilities to prevent and detect potential device and account compromise.

                                      Insurance

                                      Personal App Risk
                                      Personal app use in the insurance sector is higher than in banking but not as high as in finance, with 16% of users regularly uploading data into personal apps monthly. DLP adoption has been less aggressive, with only 61% of organizations using DLP to reduce personal app risk, while 41% use real-time user coaching.

                                      Generative AI Risk
                                      Generative AI adoption in insurance is just slightly behind finance, with 95% of organizations actively using genAI apps and the average organization using 9.3 different apps. While DLP adoption (36%) lags significantly behind banking and finance, real-time user coaching adoption (36%) is comparable.

                                      Social Engineering Risk
                                      Users in insurance encounter malware at a rate of 9.1 out of every 1,000 users and phishing at a rate of 5.2 out of every 1,000 users each month, which is in line with the averages in the financial services sector. The main difference is in the phishing targets: While cloud apps remain the top target, phishing attacks mimicking social media brands outnumber attacks mimicking popular banks.

                                      Netskope Threat Labs Report - Financial Services 2025 - Top phishing targets by links clicked in the insurance sector

                                       

                                      Recommendations link link

                                      Netskope Threat Labs recommends that financial services organizations review their security posture to ensure that they are adequately protected against the personal app risk, generative AI risk, and social engineering risk trends highlighted in this report:

                                      • Inspect all HTTP and HTTPS traffic (cloud and web) for phishing, malware, and other malicious content. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to all traffic.
                                      • Ensure that high-risk file types, like executables and archives, are thoroughly inspected using static and dynamic analysis before downloading. Netskope One Advanced Threat Protection customers can use a Patient Zero Prevention Policy to hold downloads until fully inspected.
                                      • Block access to apps that do not serve any legitimate business purpose or pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
                                      • Block downloads from apps and instances not used in your organization to reduce your risk surface to only those apps and instances that are necessary for the business.
                                      • Block uploads to apps and instances not used in your organization to reduce the risk of accidental or deliberate data exposure from insiders or abuse by attackers.
                                      • Use DLP policies to detect potentially sensitive information–including source code, regulated data, passwords and keys, intellectual property, and encrypted data–sent to personal app instances, genAI apps, or other unauthorized locations.
                                      • Employ real-time user coaching to remind users of company policy surrounding AI apps, personal apps, and sensitive data during interaction.
                                      • Leverage the responses to coaching prompts to refine and create more nuanced policies, ensuring that coaching remains targeted and effective and does not contribute to cognitive fatigue.
                                      • Regularly review AI app activity, trends, behaviors, and data sensitivity to identify risks to the organization and configure policies to mitigate those risks.
                                      • Use an Intrusion Prevention System (IPS) to identify and block malicious traffic patterns, such as command and control traffic associated with prevalent malware. Blocking this type of communication can prevent further damage by limiting the attacker’s ability to perform additional actions.
                                      • Use a behavior analytics platform to identify hidden threats, like compromised devices, compromised accounts, and insider threats. A behavior analytics platform can identify sophisticated and difficult-to-identify threats in your environment, like malleable (customized) command and control beacons from frameworks like Mythic and CobaltStrike.
                                      • Use Remote Browser Isolation (RBI) technology to provide additional protection when visiting websites that fall into categories that can present a higher risk, like newly observed and newly registered domains.

                                       

                                      Netskope Threat Labs link link

                                      Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DEF CON, BlackHat, and RSA.

                                       

                                      About This Report link link

                                      Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.

                                      This report contains information about detections raised by the Netskope One Next Generation Secure Web Gateway (NG-SWG), not considering the significance of the impact of each individual threat. The statistics in this report are based on the period from January 1, 2024, through January 31, 2025. Stats reflect attacker tactics, user behavior, and organization policy.

                                       

                                      Threat Labs Reports

                                      In the monthly Netskope Threat Labs Report, you will find the top 5 malicious domains, malware, and apps that the Netskope Security Cloud platform blocked plus recent publications and a threat roundup.

                                      Threat labs

                                      Accelerate your security program with the SASE Leader