Artificial intelligence’s (AI) emergence in the fintech scene has been a blessing and a curse. While it has helped streamline organisations’ services, it has also been used by bad actors and resulted in many, especially in the UK, questioning their risk management tools.
Looking to uncover how different regions of the world are responding to the threat of misused AI, Ping Identity, a provider of seamless and secure digital experiences, conducted a survey of 700 IT decision-makers across the UK, US, France, Germany, Australia and Singapore.
The survey found that 62 per cent of UK respondents are not very confident their organisation has the identity management tools to defend against bad actors’ use of AI. This was the lowest rate of confidence felt globally compared to 48 per cent of U.S. respondents saying the same.
The urgency to manage AI-related identity risks, including deepfakes, is low in the UK with around one third (35 per cent) already having a strategy in place to manage threats of this nature. This is compared to 55 per cent of French respondents and 42 per cent of German respondents.
With failure to adequately prepare leaving organisations exposed to identity cybercrime and reputational, financial, and regulatory repercussions, it’s positive that 58 per cent of UK executives are planning to increase their investments to keep up with new threats over the next 12 months.
“To stand a chance against advancing identity fraud tactics, businesses must leverage more advanced technologies,” said Patrick Harding, chief product architect at Ping Identity. “Only 45 per cent of global organisations have implemented multi-factor authentication (MFA). Consequently, the majority have left themselves critically exposed to cybercriminals leveraging sophisticated AI tactics.”
An untapped opportunity
Ping Identity’s research also found that decentralised Identity (DCI) is an untapped opportunity globally, but better education is needed in the UK to improve adoption.
In fact, 95 per cent of global businesses (and 82 per cent in the UK) think decentralised identities would be valuable to their customers and employees – citing benefits like greater integration, quicker/faster identity verification and increased user control – but nearly half (46 per cent) of UK respondents would require improved training and education on it to encourage adoption more widely.
“Fraud is on the rise, and it’s getting worse with AI. Smart leaders know they need to level up yet so many organisations don’t have the right guardrails in place to mitigate or prevent these kinds of threats. The longer they go without, the more they put themselves in harm’s way. Acting against tomorrow’s attacks means planning – and getting started – now,” added Jamie Smith, decentralised identity expert.
Other notable findings for UK decision-makers
Organisations have protections against identity fraud, but the UK relies on multi-factor authentication in place of more advanced technologies. In fact, 59 per cent of UK respondents admit they have 2FA or MFA in place to protect employees and customers against fraud while half use biometrics to protect employees and customers against fraud.
Nonetheless, 40 per cent of UK organisations still have one-time passcode authentication in place. Alarmingly, nearly a third (32 per cent) still use knowledge-based authentication, i.e, childhood pets, mother’s maiden name.
Looking to the future, the top business priorities for decision-makers in the UK are:
- providing a good user experience (47 per cent)
- protecting sensitive data (43 per cent)
- reducing financial/reputational loss (42 per cent)
With that, 43 per cent of UK respondents admit they struggle to balance security needs with the need to ensure users are not overburdened or experiencing friction in the user experience.
What’s more, over a third (37 per cent) of UK respondents admit to lacking the in-house skills needed to implement ID verification measures and therefore make the logging-in process more seamless.