What are the main threats you are seeing in banking, leisure and insurance?
We are all increasingly connected, and this has opened up a range of risks that we could not have imagined before. Attackers have evolved: they now look for sectors where there is truly valuable information and many people relying on digital services on a daily basis. Banking, leisure and insurance are in their sights.
Why is the banking sector one of the most targeted?
Because that’s where the money is, plain and simple. What’s more, any small failure has a huge impact on thousands of people. In Spain alone, more than 18% of cyberattacks targeting businesses are aimed at banking, which shows how attractive this sector continues to be for attackers. Banks have greatly improved their security, but they still remain one of the favourite targets.
Which vulnerabilities are most critical?
Above all, those that depend on the user: weak passwords, clicking on fake links, accidentally sharing data…
Banking systems are usually very well protected, so attackers often look for the ‘most human’ route, which is to deceive the customer or sometimes even an employee.
And how is security being managed in digital payments and mobile banking?
Many layers of protection are being put in place, such as strong authentication and systems that detect unusual behaviour. But in my opinion, none of that can replace user education. Technology helps, but training is what really makes the difference: together we can build a great ‘human firewall’.
What specific risks exist on entertainment platforms?
In this sector, the biggest risk is that users tend to let their guard down. When we log into a game or book a trip, we are thinking about our own entertainment, not whether our data is being stolen. And that is precisely where there is the most impersonation, account theft and fraud.
The worrying thing is that this trend is on the rise: in gaming and online platforms alone, it is estimated that more than 500 million accounts were compromised last year, many of them through weak or reused passwords. Something similar happens in tourism, where booking fraud and impersonation skyrocket, especially in high season.
How does data and credential theft affect us?
Much more than it seems. People are annoyed when they lose an account, but behind that account there are emails, saved cards, personal data… and all of that can end up in the wrong hands. It’s a domino effect.
What measures should leisure companies take?
Protect accounts well, strengthen access and, above all, make security easy for the user. If protection is complicated, people won’t do it. I also think they should communicate more: explain better what to do and what not to do.
What challenges does this sector face?
We are talking about very sensitive data here: medical records, financial information, policies… This is data that no user wants to see exposed. And it’s not a minor risk: more than 60% of insurers admit to having legacy systems that make it difficult to defend against cyberattacks, making modernisation an urgent challenge. The goal is to protect all that information without slowing down the business.
What role does cyber insurance play?
It is becoming increasingly important. Previously, it was an add-on, but now it is part of the strategy of any company that wants to be prepared. It does not prevent attacks, but it helps greatly in managing the impact when the inevitable happens.
What attacks are most common?
Above all, ransomware. It is a global problem, and insurers are no exception. The more valuable the information, the more attractive it is to paralyse a company and demand a ransom.
How can we improve end-user awareness?
The key is to make it simple and useful. People don’t need to become experts: they need to know how to recognise a scam, protect their passwords and be wary of anything that “sounds strange”. When training is practical and repeated frequently, the difference is very noticeable. At the end of the day, we are all part of security.
What will be the biggest challenge in the next five years?
Artificial Intelligence will undoubtedly be the biggest challenge over the next five years. It will help us a lot, but it will also make attacks more realistic and very difficult to distinguish from legitimate ones. Deepfakes, automated scams, messages that appear to be written by someone trustworthy… according to several consulting firms, more than 80% of attacks in 2030 will incorporate some component of AI. And that forces us to rethink how we understand security.
Added to this is quantum computing, which may not be an immediate threat, but it is a race that has already begun. When it reaches maturity, current encryption algorithms will have to evolve. In fact, many governments and companies are already working on ‘post-quantum’ standards because a sufficiently powerful quantum computer could break current keys in minutes.
Companies that understand this new scenario and adapt quickly will be the ones that are truly prepared. Ultimately, cybersecurity is not about predicting the future… it’s about getting there first.
