Insider Fraud: Combating the Growing Threat in Financial Services

The financial services industry (FSI) has always been a target for cyberattacks. But with real-time services, personalized products, the rapid adoption of technology including the widespread use of artificial intelligence (AI), it remains challenging to stay safe and protected in this highly competitive industry.

FSI is a Top Target for Insider Threats

Across the financial services industry (FSI), billions of dollars are exchanged so it’s not surprising that the industry is a top target for threat actors. Over the past two decades, the financial industry experienced $12 billion in losses from cyber incidents. That figure is alarming. For banks, investment and brokerage firms, insurance and real estate companies, the consequences extend beyond cost:

• Disruption. Any type of cyber incident can take company services offline while the situation is contained. 
• Reputation/trust. Any data breach, but especially in the financial industry, raises issues of trust regarding the company’s ability to keep customer data – or, in this case, money – safe. Negative experiences, negative press, and/or a lack of customer-first responses can send consumers elsewhere. 
• Regulatory fines. Cyber incidents in financial organizations come with regulatory costs, with compliance failures adding up to millions in fines. And bank lobbyists are fending off legislative attempts to force firms to do more to protect customers or share their losses.

Insider threats impact FSI organizational integrity and confidentiality, as well as trust from consumers. The 2025 Cost of Insider Risks Global Report found that the annualized activity cost of insider incidents for financial services is $20M. This makes FSI one of the hardest hit industries.

Understanding Financially Motivated Fraud

Malicious insiders act out on two primary intentions: to inflict serious harm to the company or to gain a financial windfall. These insiders tend to be motivated by personal grievances, by a devastating personal financial backslide that puts the insider in need of a get-rich-quick scheme or because of blackmail. In some cases, insiders are recruited by cybercriminal rings or nation-state threat actors who target those with elevated privileges or those with access to desirable data like patent holders, to keep the odds of being identified much smaller.

“In most cases, threat actors want to keep the number of observables to a minimum and enable remote access as quickly as possible. This makes it easier to recruit an insider and minimize the risk of getting caught,”
CSO Magazine

According to Bloomberg, fraud is on the rise particularly in banking:

• A bank employee hired to detect money laundering used her insider information to share personal financial data with a crime network. 
• A bank employee was jailed for money laundering on behalf of a crime ring using a romance scam. 
• A bank employee received bribes to open fake accounts and unblocked debit cards connected to those accounts. 

Connections between threat actors and insiders aren’t usually random. In many cases, these insiders are targeted. Criminal actors reach employees by scouring social media accounts, looking for individuals who may be impacted by a tragic situation – high medical bills, a spouse’s job loss, a home lost to a natural disaster – and who are in a vulnerable emotional state already. For the most part, these are upstanding people who are in such dire straits that they see no other way out.

And sometimes there are no third-party actors involved. The insider may act on their own, thinking that no one will miss one check, which leads to two checks, to finally hundreds of thousands of dollars in fraudulent actions. Or it is an insider who is angry at the company or at the world and thinks they deserve their fair share of someone else’s wealth.

Some warning signs to look out for include:

• Favoritism from a customer toward one employee, especially in situations outside that employee’s job duties
• Becomes secretive about the work they are doing
• Poor documentation setting up accounts, on loan documentation or insurance payments
• Numerous similarities across multiple applications
• Incomplete credit history on financial applications and documents
• Downloading an unusual amount of data
• Accessing data that isn’t part of their job function

How to Stay Protected

Insider threats are a part of almost all security incidents. Whether intentional or accidental, insider actions can fuel phishing and ransomware, advanced persistent threats and data breaches, attacks through third-party vulnerabilities, and malicious insiders committing fraud. This is why broadening the understanding of what constitutes a business threat is so important.

It is time to expand focused security efforts from ransomware, phishing and malware to address the broader scope of identifying risks earlier, before a security event. This involves shifting from reactive containment and incident response to proactive detection and mitigation. Focus on early behavioral indicators rather than exfiltration, which occurs at the end of the threat kill chain.

Other steps to discourage risky behavior and protect employees and corporate assets include:

• Create and enforce comprehensive policies around access and use of data, including data labeling
• Deploy least privilege models but don’t give a single employee all responsibility and access to accounts
• Restrict use of shadow IT and AI and personal devices
• Encrypt all sensitive information both in rest and in transit
• Provide regular security awareness training with emphasis on insider risk
• Establish an insider risk management program

The stakes for financial services are higher than ever. The power of quantifying risk is rooted in the collection of data across cyber, physical, and psycho-social sources and not individual behaviors. It’s about capturing, correlating and aggregating those data sets to quantify risk more effectively to be able to proactively detect risk and course correct or intervene early before a security event.

Financial organizations are increasingly turning to DTEX InTERCEPT to proactively protect against insider threats. Read our Industry Quick Look or request a demo to better understand how InTERCEPT overcomes the Financial Service Industry’s toughest security and compliance challenges.