Netskope Threat Labs, the research arm of Netskope (NASDAQ: NTSK), a leader in modern security and networking for the cloud and AI era, today released its latest cybersecurity threat report focused on the financial services industry. The report presents findings from a 13-month observation and analysis of the primary cyber threats faced by organizations and employees in the financial services sector.
Figure) Generative AI usage in financial services: Proportion of personal vs. corporate accounts
As generative AI (genAI) adoption rapidly accelerates across the financial services industry, the risk of sensitive financial and customer data leakage is increasing. Regulated data accounts for 59% of data policy violations related to genAI use, highlighting significant challenges in data protection and compliance. Additionally, intellectual property (20%), source code (11%), and passwords and API keys (9%) are further exacerbating data exposure risks.
Generative AI is now widespread across the financial sector, intensifying data leakage risks. 70% of users actively use genAI tools, while 97% use applications that indirectly incorporate genAI functionality. Furthermore, 94% of users interact with genAI applications that use user data for training purposes.
Shadow AI use declines, but risks from mixed personal and corporate usage rise
Organizational efforts to control shadow AI are making progress. The proportion of users relying on personal genAI accounts for work has dropped significantly from 76% to 36% over the past year, while adoption of organization-managed genAI solutions has increased from 33% to 79%. However, the percentage of users who switch between personal and corporate genAI accounts has risen from 9% to 15%, increasing the risk of sensitive financial data moving between unmanaged and secure environments.
The genAI ecosystem is also diversifying. ChatGPT remains the most widely used genAI application, deployed in 76% of organizations, followed by Google Gemini at 68%. Emerging tools are gaining rapid traction—Google NotebookLM is now used by 39% of organizations, and AssemblyAI has surged from 1% in June 2025 to 37%, reflecting growing demand for specialized AI functions. Meanwhile, due to security and compliance concerns, tools such as ZeroGPT (46%), DeepSeek (44%), and PolitePost (43%) are being blocked by many enterprises, indicating heightened risk awareness.
Personal cloud apps and cloud-abused malware also pose significant threats
Beyond genAI, the use of personal cloud and online applications in the workplace poses serious data security threats. 65% of data policy violations involving personal apps stem from regulated data, indicating that sensitive financial information is particularly vulnerable when employees work in unmanaged environments. The most commonly used personal applications in financial services workplaces include LinkedIn (92%), Google Drive (84%), and ChatGPT (77%). Additionally, attackers are increasingly abusing trusted cloud platforms to distribute malware. GitHub is now the most abused platform for malware distribution, affecting 11% of organizations, followed by Microsoft OneDrive at 8%. By leveraging legitimate cloud infrastructure instead of suspicious domains, attackers can blend malicious activities into normal traffic, making threat detection significantly more difficult.
Ray Canzanese, Director of Netskope Threat Labs, stated:
"As financial institutions accelerate genAI adoption, the pathways to sensitive data exposure are multiplying. While the shift to managed tools is a positive step, our findings clearly show that risks remain, especially in areas where personal and corporate use overlap. A multi-layered approach is essential to reduce risk. This includes inspecting all web and cloud traffic to block malware, blocking unnecessary applications, and leveraging data loss prevention (DLP) to protect sensitive information. Technologies like Remote Browser Isolation (RBI) also play a critical role in enabling safe access to higher-risk websites."
Methodology: The report is based on anonymized usage data from a subset of Netskope's financial services customers worldwide, collected with prior consent between February 1, 2025, and February 28, 2026.
For the full report, visit the link provided.
About Netskope
Netskope (NASDAQ: NTSK) leads the industry with cutting-edge security and networking technologies for the cloud and AI era. Netskope delivers optimized access and real-time, context-aware security across the entire AI ecosystem—including users, devices, data, agents, applications, tools, and LLMs—meeting the needs of both security and network teams. Thousands of customers, including over 30 Fortune 100 companies, trust and use the Netskope One platform, Zero Trust Engine, and powerful NewEdge network. These solutions enable full visibility into cloud, AI, SaaS, web, and private application usage, reducing security risks and enhancing network performance.
For more information, visit netskope.com/jp.
Media Contact Netskope Public Relations Office (c/o NEXT PR Inc.) TEL: +81-3-4405-9537 FAX: +81-3-6739-3934 Email: netskopePR@next-pr.co.jp
FACT BOX
- Source: PR TIMES
- Category: Survey
- Organizations: Google / Microsoft / LinkedIn
- Products / services: Netskope One / Zero Trust Engine