RESEARCH REPORT

In brief

In brief

  • As intelligent automation grows in use, so do the risks it could open up regarding your cyber security.
  • Robotic Process Automation and Artificial Intelligence each have particular use cases, which then present unique security vulnerabilities.
  • Through a designed security framework, we offer recommendations to protect intelligent automation tools.


Intelligent automation, such as Robotic Process Automation (RPA) and Artificial Intelligence (AI), is changing financial services. According to the Assuring Artificial Intelligence Security report, banks see a reduction in costs by 45% - 65% and an increase in productivity by 75%. Leveraging these tools allows companies to speed up operations while transforming the way they interact with and help customers. While the new capabilities are exciting, a more sobering fact is that intelligent automation can open a door for cyber criminals, if it isn’t implemented properly.

Vulnerable tools open door to cyber criminals

AI and RPA are vital to modernizing the financial services sector. But the very things that make them successful—automation, intelligent decision making—also make them prime targets for cyber criminals. Very small changes to an AI or RPA’s code can have significant and difficult-to-find impacts. With AI and RPA often working in the background with little human oversight, changes can go undetected for a long time. Additionally, the decisions these robots make are often complex and difficult to retroactively understand, so attacks that shift the logic of a robot can be even more difficult to discover.

On average, a cyber security attack goes undetected for 279 days.

While AI and RPA are similar, they are not the same. They are used for different purposes, trained in different ways, and therefore, could open different security doors for criminals.

A graph showing the differences in degree of impact between AI and RPA. The graph shows RPA most leads to fraudulent actions, incorrect decisions, system misuse and stolen credentials. AI most leads to data leakage, incorrect decisions and system mis

Source: Accenture, April 2020

Protecting automation tools

Of course, companies are not powerless against cyber criminals. In addition to an overall security framework, companies should focus specifically on certain areas regarding their intelligent automation bots.

  • Governance: Ensure there is oversight and that everyone involved in intelligent automation understands their roles.
  • Infrastructure: Powerful bots built on top of outdated IT infrastructure weakens a company’s ability to protect against cyber attacks.
  • Training Data: Cyber attacks on intelligent automation tools can instead manipulate the training data used on the bots. Make sure the training data is secure and protected.
  • Algorithms and Scripts: Algorithms often work automatically in the background, and many are open sourced, making them particularly vulnerable to attacks.
  • People: Build and define a culture and security strategy to avoid common failures, like email phishing attacks.

Cyber security is not only key to protecting your business, but also your customers. There are many things to consider when implementing intelligent automation: cost, how to monitor the bots and where humans come into the workflow (if at all). By putting security at the forefront of each decision, you can transform your business and reap all of the benefits of automation, while avoiding some of the worst consequences.

Meet the team

Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter