• 5 lessons from banking & finance: Why we need zero trust secrets management Gene Likins Risk & compliance Culture & collaboration Feb 4, 2026 Gene Likins Share article Twitter share LinkedIn share Facebook share Copy URL The banking industry spends about$600Ba year on technology, investing heavily in cloud, automation, and digital services. • Today, mobile is the most widely used banking channel, making up55%of all banking transactions. • And AI spending is expected to surge in the coming years, as business use cases are refined. • Secrets (passwords, keys, certificates, and more) are ubiquitous in applications and services because they allow automated access to infrastructure, service communication, user access to funds, and general permissions to systems and data. • If a secret falls into the wrong hands, it could lead to a costly breach. • This is why secrets management is a business concern, not just a technical challenge.

Article Summaries:

  • The banking sector, which spends roughly $600 B annually on technology, is increasingly reliant on cloud, automation, and mobile banking-55 % of transactions now occur via mobile. As AI investment grows, the industry’s exposure to credential‑based attacks rises. A recent analysis highlights that weak secrets management-such as hard‑coded credentials, long‑lived or broadly privileged secrets, scattered storage across multi‑cloud environments, accidental leaks, and manual rotation-directly elevates breach risk. Case studies, including the 2019 Capital One incident, show that compromised secrets allow attackers to act as legitimate users, bypassing traditional controls. The article argues that zero‑trust secrets management is essential for protecting financial data and operations.
  • Banking firms spend roughly $600 billion annually on technology, with mobile channels handling 55 % of transactions and AI budgets set to rise. The post argues that secrets-passwords, keys, certificates-are a business‑critical asset, not just a technical one. It cites case studies showing that poor secrets management-hard‑coded credentials, long‑lived or overly privileged secrets, sprawl across multi‑cloud environments, accidental leaks, and manual rotation-drives higher breach risk. The Capital One 2019 breach is highlighted as an example of how exposed credentials can let attackers act as legitimate users. The article calls for zero‑trust secrets management to mitigate these risks.

Sources: