
Zero Trust: Why banks can’t afford to wait any longer

Trust is one of the cornerstones of the financial services industry. But there are always challenges when it comes to cybersecurity.

The scale and sophistication of cyberattacks on financial institutions are approaching new heights, with the International Monetary Fund reporting that they have more than doubled since the pandemic. Globally, that makes financial services the most targeted sector. The average breach in the industry costs banks $6.08 million per incident and that doesn’t include the reputational and regulatory consequences. At the same time, hackers are using more complex methods, from AI-generated phishing attacks to mobile malware. A recent Verizon report backed this up, finding that 91% of financial breaches involved external actors who often used stolen credentials and surgical phishing tactics to scale the fence. 

In this environment, traditional, perimeter-based defenses just don’t cut it anymore. That’s why financial services companies are adopting Zero Trust architecture as the new security standard for their employees. 

Understanding Zero Trust

Zero Trust operates on the principle that access should never be granted by default. Instead, based on the constant confirmation of identity, device integrity, location and other contextual signals, access must be earned and continuously validated. Devices must repeatedly meet strict security standards, and all usage is governed by dynamic, context-aware policies that adapt in real time. 

You’ve probably already experienced Zero Trust in action without realizing it: being logged out of your banking app after a few minutes of inactivity, being asked to approve a login on your phone when signing in on your laptop, or receiving a one-time passcode via text before accessing an account.

Zero Trust is particularly appropriate for mobile-first environments, in which employees, contractors and customers are seeking access to sensitive information from smartphones and tablets. It helps ensure strong protections while acknowledging the reality of today’s more flexible and often hybrid work arrangements. 

Too many banks, however, still rely on fragmented legacy security systems that trust too much (even if that’s just a little bit). The tools that many financial institutions use were designed for more static environments, not for today’s global and mobile users with their own personal devices. And these systems fail to deliver what should now be baseline requirements, such as real-time policy enforcement, device attestation and remote access control.

Zero Trust in action

First Republic Bank implemented a Zero Trust approach centered on identity-based access controls (IBAC) in 2023 and saw striking results. Over a six-month period, there was a 66% reduction in both unauthorized access to sensitive data and insider threat incidents. Third-party breach attempts plummeted 62%, and user compliance and awareness of the new security policies soared. Best of all, First Republic saw performance—in the form of authentication speed—increase by 17%, showing that Zero Trust and a seamless user experience are not mutually exclusive. 

Secure at the mobile edge

Endpoints like mobile devices are the new perimeter, and keeping them secure is key to making Zero Trust real. The most effective solutions support device attestation, containerization of business data, conditional access enforcement and remote control capabilities like wipe and lock. These approaches work best when IT teams can tailor policies to different user personas and their accompanying risk levels.
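To make the idea of persona-tailored, continuously evaluated access concrete, here is an added sketch (not from the original article and not Samsung Knox code) of a policy decision that is re-run on every request. The persona names, thresholds, field names and the `decide` function are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    max_idle_s: int            # inactivity limit before the session is dropped
    max_attest_age_s: int      # how fresh the device attestation must be
    home_countries: frozenset  # locations that do not trigger step-up
    always_step_up: bool       # high-risk persona: second factor every time

# Constructed personas (hypothetical): higher risk means tighter limits.
POLICIES = {
    "teller": Policy(900, 86400, frozenset({"US"}), False),
    "wire_operator": Policy(300, 3600, frozenset({"US"}), True),
}

@dataclass(frozen=True)
class Request:
    persona: str
    identity_verified: bool
    device_attested: bool
    attest_age_s: int
    country: str
    idle_s: int
    mfa_fresh: bool

def decide(req: Request) -> tuple[str, str]:
    """Return (decision, reason). Evaluated per request, not only at login."""
    policy = POLICIES.get(req.persona)
    if policy is None:
        return "deny", "unknown persona"  # access is never granted by default
    if not req.identity_verified:
        return "deny", "identity not verified"
    if not req.device_attested or req.attest_age_s > policy.max_attest_age_s:
        return "deny", "device attestation missing or stale"
    if req.idle_s > policy.max_idle_s:
        return "deny", "session idle too long"
    unusual_location = req.country not in policy.home_countries
    if (unusual_location or policy.always_step_up) and not req.mfa_fresh:
        return "step_up", "second factor required"
    return "allow", "all signals satisfied"

if __name__ == "__main__":
    # Constructed sample requests, not real telemetry.
    for req in (
        Request("teller", True, True, 600, "US", 60, False),
        Request("teller", True, True, 600, "US", 1000, False),
        Request("wire_operator", True, True, 600, "US", 60, False),
    ):
        print(req.persona, decide(req))
```

The same device and user can get different answers minutes apart: a teller who is allowed at 60 seconds idle is denied at 1,000 seconds, and a wire operator is always sent to step-up until a fresh second factor is present.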

It all may sound like unnecessary extra steps, but Zero Trust actually allows banks to maintain productivity without ever compromising on security. 

Protecting sensitive financial data in 2025 means securing every device and every user, every time. Learn more about how Zero Trust works in our white paper and explore how Samsung Knox helps financial institutions implement Zero Trust on mobile.


Written By

Jay Roper

As Director of Solutions Engineering at Samsung, Jay Roper leads a team of Solutions Engineers who focus on delivering innovative solutions for the financial services industry. His extensive global expertise in mobility solutions, network security and customer relationship management has contributed significantly to Samsung's continued success in the competitive technology environment. Jay and his team consistently collaborate with customers and partners, developing advanced business solutions that solve challenges and foster long-term relationships.
