Australia is leading the charge in digital payments, with mobile wallet transactions skyrocketing to $126 billion in 2023—a staggering 169-fold increase since 2018, according to the Australian Banking Association (ABA). But as the relentless wave of digitisation transforms payment systems, many financial institutions, particularly smaller ones, are struggling to keep pace in other critical areas of IT, especially identity security.
These institutions face a perfect storm of challenges. Burdened by outdated, manual identity management processes, they are increasingly targeted by sophisticated cyberattacks, including those fuelled by AI and deepfake technologies. In the first half of 2024, financial services ranked among the top three sectors for reported data breaches, with phishing and compromised credentials identified as leading causes in the latest Notifiable Data Breaches Report.
Adding to the pressure, an evolving regulatory landscape is demanding compliance with stringent and ever-changing requirements. According to SailPoint’s 2024 State of Identity Security in Financial Services report, 93% of financial services companies struggle to meet these standards, resulting in a critical gap in their ability to safeguard operations, protect reputations, and build resilience against growing threats.
Leading CISOs from the financial services industry (FSI) and insurance organisations across Australia and New Zealand recently convened to discuss the key identity security challenges facing FSIs in 2025—and actionable strategies to mitigate potential disasters.
Manual Processes: A Critical Vulnerability for FSIs
The top issue identified is the manual identity management processes which introduce inefficiencies, errors, and over-provisioning of access rights. SailPoint’s research shows 74% of FSIs still rely on manual workflows for tasks like onboarding and offboarding staff, creating delays and increasing exposure to threats.
Smaller institutions are particularly affected, and 48% wish to prioritise automation in the next 12 months to manage growing identity complexities. Cloud-based solutions and automation through AI and machine learning offer scalability, efficiency, and real-time visibility, helping FSIs reduce risk and boost productivity. For smaller organisations, automation is a crucial step toward meeting compliance standards and addressing identity security challenges effectively.
Changing regulatory demands and risks
Regulatory compliance was identified as a mounting challenge. Smaller institutions face the toughest battle, as they are expected to meet the same stringent standards as larger enterprises but with far fewer resources.
The stakes couldn’t be higher: 64% of organisations reported identity-related audit findings in the past two years, and nearly half cited changing regulations as a top challenge. Failure to adapt can lead to costly penalties, reputational damage, and eroded stakeholder trust.
SaaS-based identity security solutions provide a lifeline, automating compliance processes, providing full visibility into all identities, and simplifying audits. For smaller FSIs, these tools level the playing field, reducing resource strain and ensuring organisations can stay ahead of regulatory demands while protecting their operations and reputations.
A surge in machine identities
Machine identities were identified as the third key issue. These non-human accounts often used by applications and bots are expanding at an unprecedented rate, outpacing human identities. According to the Horizons of Identity Security 2024 report, digital identities are expected to grow by 14% over the next 3-5 years, with machine identities driving this surge. These accounts often require elevated privileges to function, making them attractive targets for cybercriminals.
The rise in AI adoption, automation, and mobile and online banking has further fuelled the proliferation of machine identities, adding layers of complexity and governance challenges. Many FSIs lack the frameworks and tools needed to secure these identities, leaving critical systems exposed.
To address this, FSIs must adopt purpose-built identity security solutions to discover, manage, and govern machine identities, especially since unmanaged machine accounts often go unnoticed. Automating lifecycle management and ensuring appropriate access privileges are key to mitigating associated risks. Real-time visibility into identity access is also essential to identify and address vulnerabilities before they can be exploited, safeguarding both operations and reputations.
Addressing the challenges: why prioritise Identity Security now
The rapid expansion of digital identities, compounded by regulatory and operational pressures, means identity security is no longer optional—it’s essential. FSIs must act now to avoid falling behind and exposing themselves to unnecessary risks.
A positive correlation between organisations with advanced identity security experience and the value derived from identity security initiatives, suggests that organisations prioritising cloud adoption, AI and automation are likely to reap greater benefits in terms of security, efficiency, and scalability. Additionally, the concept of “bending the curve,” indicates that strategic investment in identity security delivers disproportionate returns across risk reduction, business value, and productivity improvements, reinforcing the importance of viewing identity security as a strategic investment rather than a cost centre.
By adopting a unified and automated approach to identity security, financial institutions can enhance resilience, maintain compliance, and enable seamless digital transformation. The stakes are too high to wait—investing in identity security today is the only way to secure the future.
