Bank executives at U.S. financial institutions are upping their cybersecurity budgets and awareness in 2025 following multiple 2024 data breaches. 

In response to the breaches, 88% of bank executives plan to increase their IT and tech spend in 2025 by at least 10% to enhance security measures, according to data security company Integris’ Understanding U.S. Bank’s Annual IT Spend in 2025 report. The survey, conducted with 1,051 bank executives between June 26 and July 30 by York Public Relations, found: 

• 98% of bank executives fear a cyber breach; and

• 43% of bank executives rank cybersecurity as their number one priority for 2025.  

The following 2024 data breaches made waves:  

• American Express filed a notice of a data breach through an unnamed third-party vendor with the Office of Consumer Affairs and Business regulations in Massachusetts on March 5. Fraudsters gained access to 50,000 customers’ account information. 

• Evolve Bank & Trust suffered a data breach in May orchestrated by cybercriminal organization Lockbit. 

• Bank of America reported in May that a data breach at cloud provider Infosys McCamish Solutions exposed the information of 57,000 bank clients. 

• Santander Bank filed a notice with the offices of attorney generals in Maine and Vermont in June that an April data breach exposed the information of 12,786 customers. 

Global cybersecurity investment

While FIs up their cybersecurity game, it’s not just financial institutions that are increasing their anti-fraud spend.  

CIOs in global industries increased cybersecurity budgets to $215 billion in 2024, up 14.3% from 2023, according to Gartner’s 2024 worldwide IT spend forecast report. 

“It doesn’t matter which vertical you look at. Everybody had a bad year,” Carl Froggett, chief information officer at data security company Deep Instinct, told Bank Automation News. He specifically noted disruption among credit unions, health care, hotels and casinos.  

Fraudsters tap AI

So, what caused this disruption?  

Fraudsters are using AI, generative AI and large language models to facilitate breaches, Froggett said.  

The new technology enables fraudsters to remove malware coding from the equation and intentionally drive fraud; using ChatGPT to write phishing emails is one example of this.  

“ChatGPT will do that all day long,” Froggett said, adding that ChatGPT is accurate, grammatically correct and takes no time. That’s how a lot of these breaches occur,” he said.  

Register here for early-bird pricing for Bank Automation Summit 2025, taking place March 3-4 in Nashville, Tenn. View the full event agenda here.