Ben Hunter, Financial Services Director at Gigamon, looks at how financial organisations and retail banking providers can overcome security challenges in 2025.
Nearly one-fifth of reported cyber-attacks in the past two decades have targeted financial organisations, and retail banking providers are finding themselves at the centre of such disruption, with transactional fraud a consistent challenge.
Given that providers of retail banking services are required to store sensitive payment data and handle high-profile information as part of their operational framework, they have an over-reliance on cloud services and dependence on legacy systems.
It’s no surprise therefore that these financial institutions have become such attractive propositions for malicious actors.
In line with this concerning trend, the UK public are on high alert regarding vulnerabilities that threaten the security of sensitive information held by companies that interact with and rely on financial transactions. Research reveals that online shopping platforms lead the way in levels of concern surrounding data protection, followed by retail banking or financial service providers.
Retail banking institutions are doing all they can to retain and grow their commercial foothold within a challenging competitive environment.
There is a plethora of ways consumers can access credit cards and other financial services, and brand no longer guarantees customer loyalty.
As pressure subsequently builds, these institutions must continuously evolve their operational processes and technology stack to deliver seamless digital experiences that satisfy both internal and external expectations and which can cope with the increased demand.
We are therefore seeing institutions turn to new technologies such as AI, blockchain and mobile banking to help enhance the customer experience and deliver more personalised, transparent transactions.
Another way retail banking institutions are attempting to navigate economic challenges and increase ROI, in addition to leveraging technological advantages, is through corporate reorganisation and restructuring, such as M&As.
These cases highlight the increasing frequency of M&As within the industry over the past 12 months and emphasise a trend towards collaboration that shows no signs of slowing down.
However, although these M&As are driven by the intention to leverage combined expertise and experience to enhance business operations, they can unfortunately often cause significant business disruption because the two estates being integrated are very different in terms of security and operational processes.
When two organisations merge, their combined digital infrastructure is inherently fragmented, creating additional points of entry for cybercriminals and increasing the opportunity for blind spots and gaps to arise.
New systems, applications and platforms—each with potential vulnerabilities—are introduced, thereby expanding the attack surface.
This becomes increasingly complex with the continued use of legacy systems across organisations that lack modern security features, making them more susceptible to cyberattacks and data breaches.
To reduce risk and enable secure integration when merging with another organisation, retail banks must establish comprehensive network monitoring tools and real-time visibility into all data in motion to illuminate inherited blind spots and seal points of exposure across hybrid and multi-cloud environments.
Digital infrastructure and technology aren’t the only shared aspects of an M&A, as companies also look to align security protocols and frameworks that were once tailored to a solitary organisation. Providers of retail banking services will each have their own set of security standards in place, creating potential conflicts when it comes to securing all systems post-merger.
This inconsistency can lead to gaps in security and potential regulatory fines imposed by mandates such as DORA if the newly merged entity fails to unify these protocols quickly.
Merging institutions must align their cybersecurity policies, frameworks and tools to establish a cohesive and strong security posture.
To tackle this issue, retail banks should take immediate steps to harmonise cybersecurity policies from the outset of M&As, implementing best practices for threat mitigation.
Failure to align security protocols can result in catastrophic data breaches or financial losses, highlighting the critical need for full visibility into potential vulnerabilities to help fine-tune security measures.
Similarly, when retail banking institutions merge, they must combine vast amounts of customer data, transaction histories, account details and more.
This process can be fraught with security risks and leave an ocean of sensitive information exposed if not handled properly.
During integration, data is moved between conflicting architectures, opening the door to potential breaches if malicious actors are able to target weak spots during the transition.
Furthermore, banks are required to ensure that all customer data remains protected in compliance with privacy regulations such as the General Data Protection Regulation (GDPR), and will be penalised accordingly if they fail to meet regulatory standards.
In order to address these challenges and ensure a proactive approach to security, a comprehensive view of all network traffic, both East-West and North-South, is vital.
M&As can also pave the way for the emergence of insider threats, whether accidental or malicious.
Any M&A is likely to present an extended period of organisational change, and with that change often comes a shift in corporate culture and operational structure.
Employees from both institutions may face levels of uncertainty and resistance to change, prompting instability within the environment.
This increases the likelihood of insider threats, as disgruntled employees or those who feel sidelined during the merger process may misuse and exploit their access to sensitive data for malicious purposes.
Furthermore, a merger presents opportunities for employees to gain access to new systems, networks, and sensitive data that they were not previously authorised to view.
This expanded access could lead to the purposeful or accidental exposure of confidential financial data, client records, or internal business strategies.
If security controls are not properly aligned, insiders could exploit this access for personal gain or inadvertently assist threat actors in obtaining restricted information.
A final point of consideration that stresses the need for retail banking institutions to eliminate all blind spots, especially amid the uncertainty and lack of familiarity during an M&A, is the prospect of network downtime that could threaten levels of service and derail customer trust.
With an increasing transition towards a cashless society, dependency on electronic payment systems is growing at an exponential rate.
As it stands, a UK-wide electronic payment failure would impact almost every aspect of consumer life, from the ability to buy groceries and fuel to paying for housing and healthcare.
In retail, any interruption of these systems could lead to significant disruptions in daily transactions, damaging both the reputation of the retailer and customer satisfaction at all levels of the supply chain.
As banking operations become more reliant on seamless digital interactions, ensuring continuous connectivity and minimising the risk of network downtime is crucial.
Retail banking institutions must implement robust monitoring and contingency plans to maintain uninterrupted service, safeguard customer trust, and avoid the cascading effects that even brief service outages can cause.
While the benefits afforded to retail banking institutions in joining forces and strengthening levels of service are clear, the ensuing potential for disruption to infrastructure and operations cannot be overlooked.
This highlights a need for a greater level of understanding surrounding the preservation of security measures across an organisation’s digital infrastructure, especially where data is stored, if the shared goal of a comprehensive security posture is to be realised.
This article was originally published in the February 2025 Edition of Security Journal UK.