artificial intelligence; awareness; behavioral cybersecurity; Delphi study
Abstract :
The use of cybersecurity tools powered by artificial intelligence (AI) continues to gain traction in the financial services industry. On the one hand, they can strengthen an organization’s technical cybersecurity posture. On the other hand, even if cybercriminals also leverage AI to exploit human weaknesses, there are early indications that AI can help equip the workforce against evolving threats. Based on a structured literature review (SLR) and a Delphi study, this article identifies the most promising end-user-focused use cases in which AI can assist financial institutions in combating cybersecurity threats and gearing their workforce up to thwart cyberattacks. For information security executives and researchers alike, this study provides a first set of general directions on which AI-powered and user-centric tools and solutions to focus on in the near future.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > FINATRAX - Digital Financial Services and Cross-organizational Digital Transformations
NCER-FT - FinTech National Centre of Excellence in Research
Disciplines :
Management information systems
Computer science
Author, co-author :
FRANK, Muriel-Larissa ✱; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
BRENNECKE, Martin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
HÖLZMER, Pol ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
POCHER, Nadia ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
FRIDGEN, Gilbert ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
✱ These authors have contributed equally to this work.
External co-authors :
no
Language :
English
Title :
Potential of AI for User-Centric Cybersecurity in the Financial Sector
Publication date :
07 January 2025
Event name :
Proceedings of the 58th Hawaii International Conference on System Sciences (HICSS)
Event place :
Big Island, United States - Hawaii
Event date :
7 to 10 January 2024
Audience :
International
Main work title :
Proceedings of the Annual Hawaii International Conference on System Sciences 2025
Publisher :
ScholarSpace
Edition :
58
Collection name :
Proceedings of the Annual Hawaii International Conference on System Sciences
Collection ISSN :
2572-6862
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Development Goals :
4. Quality education
9. Industry, innovation and infrastructure
FnR Project :
FNR13342933 - Paypal-fnr Pearl Chair In Digital Financial Services, 2019 (01/01/2020-31/12/2024) - Gilbert Fridgen
FNR16570468 - 2021 (01/07/2022-30/06/2030) - Gilbert Fridgen
FNR - Fonds National de la Recherche
FNR - Luxembourg National Research Fund
Banque et Caisse d'Épargne de l'État (Spuerkeess)
Funding number :
13342933
Funding text :
This work was funded by Luxembourg’s FNR and PayPal, PEARL grant ref. 13342933/Gilbert Fridgen, and grant ref. NCER22/IS/16570468/NCER-FT (CryptoReg), and supported by Banque et Caisse d'Épargne de l'État (Spuerkeess). For open access purposes, the authors have applied a CC BY 4.0 license to any Author Accepted Manuscript arising from this submission.