Posts Tagged :


‘Political Polarisation’ now the leading emerging risk for enterprises globally

960 640 Stuart O'Brien
Escalating political polarisation worldwide entered the quarterly Gartner emerging risk tracker for the first time in the fourth quarter of 2023, based on a survey of senior enterprise risk executives.

“Risk executives worldwide are clearly concerned by the potential implications of escalating tensions and conflict all over the globe,” said Ran Xu director, research in the Gartner Risk & Audit Practice. “From Ukraine, the Middle East, the East China Sea, South America, Africa, Western Europe or the U.S., there is evidence of geopolitical instability rooted in increasing political polarization around a number of issues.”

In November 2023, Gartner surveyed 347 senior enterprise risk executives to provide leaders with a benchmarked view of 20 emerging risks. The Quarterly Emerging Risk Reports includes detailed information on the possible impact, time frame, level of attention, and perceived opportunities for these risks.

Mass generative AI availability was the top cited emerging risk in the 4Q23 survey (see Table 1) and has been in the top five in the previous two quarters as well. Escalating political polarization entered the tracker for the first time in second spot, with cloud concentration risk (a top five risk last quarter) coming in third place.

Risk Rank (by Frequency) Risk Name Frequency
1 Mass Generative AI Availability 76%
2 Escalating Political Polarization 69%
3 Cloud Concentration Risk 64%
4 Market Effects from Higher Borrowing Costs 53%
5 Overzealous Cost Cutting 52%

Gartner experts have identified three principal factors that are driving increased political polarisation:

1.    Reinforcing Social Media Algorithms
Algorithms that are designed to ensure engagement and retention on social media platforms by delivering tailored content to individual users, also lead to information silos that feed confirmation bias and can reinforce divisive political outlooks.

2.    Pervasive Economic Pessimism
Although the global economy is still growing, commodity and housing prices remain high amid a recent episode of increased inflation and higher interest rates, squeezing the finances of individuals worldwide. These kinds of heightened economic concerns often push extreme ideological realignments.

3.    Politicization of Civic Institutions
As formerly neutral civic institutions (e.g., the education system) face increasing political scrutiny, public trust in them wavers, and individuals often seek out non-mainstream information sources that align with preexisting beliefs, further reinforcing the impact of social media algorithms.

“The potential consequences of escalating political polarization for any specific organization will be contingent on many factors, such as its line of business or geographical location,” said Xu. “Many organizations, however, will already have been embroiled willingly, or unwillingly, in political debates that could potentially result in reputational damage. Organizations may also be impacted from volatile and unpredictable elections that may cause strategic delays and undermine investor and customer confidence.”

Photo by Sean Pollock on Unsplash

Mobile Phone

UK researchers detail new technique for countering mobile ‘account takeover’ attacks

960 640 Stuart O'Brien

Computer science researchers at the University of Birmingham have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where a hacker gains unauthorised access to online accounts.

Most mobiles are now home to a complex ecosystem of interconnected operating software and apps, and as the connections between online services has increased, so have the possibilities for hackers to exploit the security weaknesses, often with disastrous consequences for their owner.

Dr Luca Arnaboldi, from the University of Birmingham’s School of Computer Science, explains: “The ruse of looking over someone’s shoulder to find out their PIN is well known.  However, the end game for the attacker is to gain access to the Apps, which store a wealth of personal information and can provide access to accounts such as Amazon, Google, X, Apple Pay, and even bank accounts.”

To understand and prevent these attacks, researchers had to get into the mind of the hacker, who can build a complex attack by combining smaller tactical steps.

Dr Luca Arnaboldi worked with Professor David Aspinall from the University of Edinburgh, Dr Christina Kolb from the University of Twente, and Dr Sasa Radomirovic from the University of Surrey to define a way of cataloguing security vulnerabilities and modelling account takeover attacks, by reducing them their constituent building blocks.

Until now, security vulnerabilities have been studied using ‘account access graphs’, which shows the phone, the SIM card, the Apps, and the security features that limit each stage of access.

However, account access graphs do not model account takeovers, where an attacker disconnects a device, or an App, from the account ecosystem by, for instance, by taking out the SIM card and putting it into a second phone.  As SMS messages will be visible on the second phone, the attacker can then use SMS-driven password recovery methods.

The researchers overcame this obstacle by developing a new way to model how account access changes as devices, SIM cards, or Apps are disconnected from the account ecosystem.

Their method, which is based on the formal logic used by mathematicians and philosophers, captures the choices faced by a hacker who has access to the mobile phone and the PIN.

The researchers expect this approach, which is published in the Proceedings of the 28th European Symposium on Research in Computer Security (ESORICS 23), to be adopted device manufacturers and App developers who wish to catalogue vulnerabilities, and further their understanding of complex hacking attacks.

The published account also details how the researchers tested their approach against claims made in a report by Wall Street Journal, which speculated that an attack strategy used to access data and bank accounts on an iPhone could be replicated on Android, even though no such attacks were reported.

Apps for Android are installed from the Play Store, and installation requires a Google account, and the researchers found that this connection provides some protection against attacks.  Their work also suggested a security fix for iPhone.

Dr Arnaboldi said: “The results of our simulations showed the attack strategies used by iPhone hackers to access Apple Pay could not be used to access Android Pay on Android, due to security features on the Google account.  The simulations also suggested a security fix for iPhone – requiring the use of a previous password as well as a pin, a simple choice that most users would welcome.”

Apple has now implemented a fix for this, providing a new layer of protection for iPhone users.

The researchers repeated this exercise across other devices (Motorola G10 Android 11, Lenovo YT-X705F Android 10, Xiaomi Redmi Note Pro 10 Android 11, and Samsung Galaxy Tab S6 Lite Android).  Here they found that the devices that had their own manufacturer accounts (Samsung and Xiaomi) had the same vulnerability as Apple – although the Google account remained safe, the bespoke accounts were compromised.

The researchers also used their method to test the security on their own mobile devices, with an unexpected result.  One of them found that giving his wife access to a shared iCloud account had compromised his security – while his security measures were as secure as they could be, her chain of connections was not secure.

Dr Arnaboldi is currently engaged in Academic Consultancy where he works with major corporates and internet-based companies to improve their defences against hacking.

Third party-related business interruptions pose increasing risk to organisational cybersecurity

960 640 Stuart O'Brien
Despite increased investments in third-party cybersecurity risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions.

That’s according to a new Gartner survey, which points out that third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results.

Zachary Smith, Sr Principal Research at Gartner, said: “Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”

The survey was conducted in July and August 2023 among 376 senior executives involved in third-party cybersecurity risk management across organizations from different industries, geographies and sizes.

Effective TPCRM Depends on Delivery of Three Outcomes
Successful management of third-party cybersecurity risk depends on the security organization’s ability to deliver on three outcomes – resource efficiency, risk management and resilience and influence on business decision making. However, enterprises struggle to be effective in two out of those three outcomes, and only 6% of organizations are effective in all three (see Fig. 1).

Figure 1. Security Organizations’ Ability to Deliver on Three Outcomes for Effective TPCRM

Source: Gartner (December 2023)

Four Actions for Security Leaders to Manage Third-Party Cybersecurity Risks
Based on the survey findings, Gartner identified four actions that security and risk management leaders must take to increase their effectiveness in managing third-party cybersecurity risk. The survey found that organizations that implemented any of these actions saw a 40-50% increase in TPCRM effectiveness.

These actions include:

  1. Regularly review how effectively third-party risks are communicated to the business owner of the third-party relationship: Chief information security officers (CISOs) need to regularly review how well the business understands their messaging around third-party risks to ensure they are providing actionable insights around those risks.
  2. Track third-party contract decisions to help manage risk acceptance by business owners:Business owners will often choose to engage with a third party even if they are well-informed about associated cybersecurity risks. Tracking decisions helps security teams align compensating controls for risk acceptances and alerts security teams to particularly risky business owners that may require greater cybersecurity oversight.
  3. Conduct third-party incident response planning (e.g., playbooks, tabletop exercises): Effective TPCRM goes beyond identifying and reporting cybersecurity risks. CISOs must ensure the organization has strong contingency plans in place to prepare for unexpected scenarios and to be able to recover well in the wake of an incident.
  4. Work with critical third parties to mature their security risk management practices as necessary: In a hyperconnected environment, a critical third-party’s risk is also an organization’s risk. Partnering with the critical third parties to improve their security risk management practices helps promote transparency and collaboration.

Photo by Sigmund on Unsplash

Malware protagonists diversifying tools as incidents surge

960 640 Stuart O'Brien

New research has revealed a 70 percent increase in new malware incidents, equivalent to 26 cyberattacks per minute, highlighting a diversification of tools and attacks by threat actors and as they target high-stakes or financially lucrative industries.  

“Malicious actors are working harder than ever to expand their range and volume of cyberattacks,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence, BlackBerry, which conducted the research. “The intensifying number of novel attacks targeting nations and industries demonstrates the impact of the macroeconomic climate on cybersecurity. However, while threats are increasing in number and diversity, so is our ability to defend against them with advanced technologies that predict and prevent attacks.”  

Highlights from the latest BlackBerry Global Threat Intelligence Report, covering the three-month period of June-August, include: 

  • Continued Rise in Cyberattacks Per Minute. BlackBerry stopped over 3.3 million attacks; approximately 26 attacks and 2.9 unique malware samples per minute.  
  • Financial and Healthcare Most Targeted Industries. The financial sector was the most frequently attacked industry this quarter, with healthcare institutions coming in second. High-value data and the opportunity to disrupt essential services make these sectors a prime target for impactful or profitable attacks.  
  • Ransomware Groups Make Double Extortion Standard Practice. LockBit, Cl0p, Cuba, and ALPHV ransomware groups increasingly use double extortion tactics as insurance on attacks, as organizations worldwide improve their data backup strategies.  
  • Australia and United States hit by Highest Increase in Public Sector Attacks. Australia and the U.S. experienced 50 percent-plus more public sector attacks this quarter. BlackBerry Cylance AI prevented the most cyberattacks overall in the United States, followed by Canada, Japan, Peru and India. The most unique malware was observed in the United States, then Japan, South Korea, India, and Canada. 

Photo by Ed Hardie on Unsplash

CISOs: ‘Regulation responsibility is unclear’

960 640 Stuart O'Brien

Over half (56%) of CISOs agree that it is not clear within their organisations whose responsibility it is to manage and implement changes in order to comply with the latest regulations, putting organisations at risk. This is despite over two thirds (67%) claiming that keeping up with changing regulation is an ongoing challenge.

Research conducted by cyber security solutions provider BSS, which explores ‘How CISOs can succeed in a challenging landscape’, also found that a further two thirds (64%) of the 150 UK-based information security decision makers surveyed agreed that regulations change before they have had a chance to successfully implement procedure.

The research also found that regulations like GDPR, which was first implemented in 2018, are still a headache for CISOs, with two thirds (63%) agreeing.

With the deadline approaching on newer regulations such as the Digital Operational Resilience Act (DORA), which comes into action on 17th January 2025, assigning responsibility for managing and implementing regulation must be addressed.

Positively, 80% of CISOs agreed that regulatory compliance is a top priority for their company’s board. But while the priority is there for many, the technology oftentimes does not support it. A third (33%) of CISOs reported that they don’t feel like they have the technology stack required to excel in their role.

In fact, only one in ten (11%) CISOs surveyed reported that their organisations approach to overall cyber risk management is both stable and flexible, allowing them to pivot and respond to opportunities and change, such as regulation.

BSS Director, Chris Wilkinson said: “CISOs need to have a clear idea of where the responsibility for regulation lies in order to succeed in their role. Not complying with regulation leaves organisations at risk and ultimately it is the CISO who will answer to any penalties or cyber threats that come as a result of non-compliance with regulations. If CISOs are culpable then they also need to be in control.”

Photo by Adam Nowakowski on Unsplash

Zero Trust ‘now the norm’ for global business

960 640 Stuart O'Brien

Zero Trust (ZT) has become the default cybersecurity strategy for global business: In 2021, fewer than one in four of the organisations surveyed had a ZT strategy in place, but by 2023, this number has grown to 61%. In addition, a further 28% plan to implement Zero Trust within the next year and a half.

That’s according to the 2023 State of Zero Trust Report released by Okta. For the first time since the firm started issuing the State of Zero Trust Report in 2019, the number of organisations that already have a defined Zero Trust strategy in place, far exceeds those still in planning stages (or without such a strategy).

In partnership with Qualtrics, in April 2023, Okta conducted a global study including 860 information security decision makers from North America (US, Canada); EMEA (Denmark, Finland, France, Germany, Ireland, Netherlands, Norway, Sweden, UK); and APJ (Japan, Australia).

“We now live in a Zero Trust world,” said Stephen McDermid, EMEA CSO for Okta. “The global figures suggest that within 18 months, nine in every 10 businesses will ‘be ZT’. And businesses are putting their cybersecurity money where their Zero Trust mouth is. Despite widespread cost-cutting, 60% of organisations have seen an increase of up to 24% in their ZT budgets since last year.”

The report suggests that leaders recognise the primary importance of Zero Trust in enabling today’s digital business. The research shows 93% of the global C-Suite now believe that Identity is important to their business strategy.

The report demonstrates that, despite growing knowledge of the low assurance value, passwords remain the standard for authentication – and are in use at more than half (55%) of our respondent’s organisations, across all regions.

Security questions were the second most commonly used practice, with just 19% (less than 1 in 5) of businesses) using high-assurance factors like platform-based authenticators and biometrics.

“In a world where businesses must never trust and always verify, the method of verification is critical,” continued McDermid. “The uncomfortable truth behind recent attacks is that verification based on passwords and simple questions is not enough. Social engineering has evolved dramatically and as such, so should the front line of identity verification. In practice, this will mean passwordless technologies.”

As an insight into the drivers behind this need to address social engineering, respondents to the research cited “People” as the biggest security concern for businesses with “Network” and “Data” coming in a distant second and third, respectively. While the user has always been rated a top priority, this year it’s an unusual outlier, reflecting an increasing understanding of the critical function of identity, in Zero Trust security initiatives.

In the face of this perception that the user remains the weakest link, more than two in three companies either say security is the unquestioned top priority or that their current priority balance is three-quarters security, one-quarter usability.

However, the research also reveals that holes still remain. Only 1 in 5 (20%) of respondents have automated provisioning/deprovisioning for external users such as partners and contractors. This suggests that companies remain especially vulnerable to attacks from within the supply chain.

McDermid added: “Companies have long since recognised that either through malice or simple poor practice, their people represent the single biggest security threat, but these figures suggest that businesses may have been too narrow in the definition of ‘their people’.  Suppliers and partners are – from a security perspective – just as risky as an employee. But there seems to be a lag in addressing this.”

Within this incredibly active global market, there are some clear leaders when it comes to embracing ZT. Companies in financial services and software are more likely to have an initiative in place today (at 71% and 68%, respectively).

58% of public sector organisations have a ZT strategy, with almost another third planning to implement one in the next 12 months.

“It is easy to see the impact of regulation on these figures,” concluded McDermid. “Some industries will face tighter demands that necessitate Zero Trust and drive the market in the short term. We welcome this catalyst for innovation and look forward to seeing what early adopters can show the wider industry.

“The past two years have seen a huge jump in the number of businesses that say identity is a critical part of their Zero Trust strategy.  Now that Zero Trust is set to define how business is done, it follows that getting identity right will be a major factor in making that business easier, faster, and better.”

Photo by Towfiqu barbhuiya on Unsplash

Physical security incidents cost the world’s biggest firms $1 trillion in 2022

960 640 Guest Blog

Large global companies lost a combined $1 trillion in revenue in 2022 due to physical security incidents, while economic unrest is expected to be the greatest security-impacting hazard in the next 12 months, itself a significant increase on the prior year.

That according to a new report commissioned by Allied Universal, based on an anonymous survey of 1,775 chief security officers (CSOs), or those in equivalent roles, from large, global companies in 30 countries, with a combined annual revenue of more than $20 trillion, which also found that companies anticipate a surge in threats and hazards like social unrest, climate change, fraud and theft.

As a result, physical security budgets are predicted to increase significantly to keep people, property and assets safe. Security leaders intend to focus investments on advanced technology and providing security professionals with additional skills and training.

Fraud – deception intended to result in gain – is likely to be the biggest external threat over the coming year. The leaking of sensitive information is predicted to be the biggest internal threat. Dangers posed by hackers, protestors, spies and economic criminals are expected to soar.

“As the world’s leading security company, we commissioned this report for the benefit of the entire industry and the companies we protect. It comes at a time hen organizations across the globe are increasingly navigating more complex security hazards and threats. The research shows the impact of security threats on organizations is multidimensional – from the disruption of productivity to the loss of customers, to the potentially staggering financial impact,” said Steve Jones (pictured, above), Allied Universal’s global chairman and CEO.

One in four (25%) companies reported a drop in their corporate value following an external or internal security incident during the last 12 months.

In addition to CSOs, the report also surveyed 200 global institutional investors to understand the impact of security incidents on the value of publicly traded companies. Investors estimated an average 29% drop in stock price in the wake of a significant internal or external security incident in the last 12 months.

“Global businesses are facing increased security threats; a tight labor market globally; and rapidly changing technology that presents new risks and requires different skills. In addition, executive boards are grappling with balancing physical and cybersecurity alongside other priorities. The World Security Report helps our entire industry and the wider business community better understand and operate in the challenging, global and fast-moving security landscape,” said Ashley Almanza, executive chairman of G4S, Allied Universal’s international business.

Key findings from the World Security Report:

Security Threat and Incident Findings

  • Economic unrest was reported by 47% as the greatest security-impacting hazard in the next 12 months — up from 39% in the previous year.
  • Climate change events are on the rise and the second most concerning hazard, with 38% saying they may be impacted in the next year. This was followed by social unrest (35%), disruption to energy supplies (33%) and war or political instability (32%).
  • Leaking of sensitive information is expected to be the biggest internal threat in the next 12 months according to 36% of respondents.
  • Misuse of company resources or data was the most common internal incident with 35% of companies having experienced this already over the last 12 months.
  • Fraud is expected to be the biggest external threat in the next year, predicted by 25% of CSOs.
  • Fraud and phishing and social engineering were the most common external security incidents experienced in the last 12 months (23%).
  • The threat from two groups, subversives, hackers, protestors, or spies and economic criminals, are likely to soar, with 50% and 49% of respondents predicting they will be impacted by these groups, both up from 39% in the last year.

Security Budgets

  • Security budgets represented approximately $660 billion (3.3%) of global revenue at respondent companies in 2022.
  • Physical security budgets at 46% of respondent companies are set to significantly increase in the next 12 months.
  • Artificial intelligence (AI) is top of the agenda for future physical security technology investment, with 42% intending to invest in AI and AI-powered surveillance over the next five years.

The Future of Security Insights

  • Cyber threats that threaten physical security systems are challenging to operations according to nine out of 10 respondents.
  • CSOs reported a disconnect between physical security incidents and the importance placed on them at board level; nine in 10 CSOs said company leaders are more concerned about cyber than physical security.
  • Eight in 10 (84%) said recruitment of security professionals will be challenging over the next five years.
  • Nine in 10 (92%) said people skills are more important than physical attributes of strength in front-line security professionals.

Is Microsoft Teams a cybersecurity weakness for you organisation? This research thinks so

960 640 Stuart O'Brien

A survey has found that cyber decision makers are overconfident in the readiness of their organisations to combat cyberattacks via collaboration tools.

Collaboration Security: Risks and Realities of the Modern Work Surface, conducted by Mimecast, reveals that businesses are failing to provide dedicated training on collaboration tools, even though almost all (93%) have experienced a threat via them.

The UK research is based on responses from 500 employees and 100 cybersecurity decision makers across a range of sectors, and gauges their understanding and conduct related to collaboration tool security within their organisations.

Eighty two percent of those surveyed felt their organisation had effectively communicated the security vulnerabilities of collaboration tools to their employees. This directly contradicts the fact that 35% claim they have not received any collaboration tools security training, and only 10% say they have received dedicated training separate from the wider cybersecurity training offered by their organisation.

Furthermore, decision makers are not monitoring how employees utilise collaboration tools, in order to protect against threats. Less than a third (31%) monitor employee use of collaboration tools at least once a month.

Since they are not specifically trained or monitored, almost a third (32%) of employees do not see cybersecurity breaches via collaboration tools on their devices, as something for which they are directly responsible.

This means employees are more likely to let their guard down when using business collaboration tools. According to the Mimecast research, employees are 25% less likely to check the legitimacy of attachment file names or URL links in private messages on collaboration tools than those on email. Employees are at their most vulnerable when receiving a message from their line manager, with nearly two thirds (63%) likely to click on a link to an unfamiliar website or source if it’s from someone they report in to.

Even though cyber decision makers believe their organisations are well-equipped to combat collaboration tool-related cyberattacks, almost all (94%) of organisations surveyed have experienced a threat via them. The most prevalent attacks are malware (53%), phishing (38%) and credential harvesting (37%).

The largest impacts of these cyberattacks on the business, include loss of company data (59%), loss of potential customers (35%), loss of current customers (31%) and C-suite changes (20%).

In addition, the financial cost of these attacks on organisations is significant with the average total being over half a million dollars ($537,088). Eighteen per cent of those surveyed estimate the total cost of collaboration tools-related attacks in the past year was over $1 million.

“The modern workplace has experienced explosive change in a short period of time. Adoption of Microsoft Teams has never been higher due to hybrid work, making collaboration tools essential to productivity. But cybercriminals know this and are increasingly seeking to exploit this tool,” said Duane Nichol, Senior Product Manager for Awareness Training. “As collaboration tools become an increasingly complex and growing threat vector, employee and decision maker overconfidence will place organisations at even greater risk. Without dedicated training or monitoring, risky behaviour on these tools is less likely to be picked up.

“This is where IT decision makers have a vital role to play in securing these platforms and providing their employees with specific collaboration security training to protect their data. Protection for Microsoft Teams is designed to ensure that Microsoft 365 remains a productivity tool rather than a security risk, and educating employees about the security implications will ensure they are careful about what they click on or share via these tools. This will help organisations to reduce cyber risk and cost, all while training employees to truly be part of their collaboration security fabric.”

Image by StartupStockPhotos from Pixabay

Could the physical security market be worth $171.4 Billion by 2028?

960 640 Stuart O'Brien

The global physical security market size reached $116.8 billion last year and has been predicted to reach U$171.4 billion by 2028, equivalent to a compound annual growth rate (CAGR) of 6.4%.

That’s according to a report from IMARC Group, which says areas such as video surveillance, access control systems, biometrics, and analytics, are driving the growth of the market.

In addition, the growing availability of Internet of Things (IoT)-enabled devices, such as sensors, connected cameras, and smart locks providing real-time data, conducting remote monitoring, and enhancing situational awareness is offering what it calls a favourable market outlook.

The forecast is the latest in a steady stream predicting big growth for the physical security market, with Spherical Insights predicting a $209 billion valuation by 2032, while ResearchandMarkets expects a value of $216 billion by 2023.

Image by Gerd Altmann from Pixabay

Could AI-generated ‘synthetic data’ be about to take off in the security space?

960 640 Stuart O'Brien

Synthetic data startups are spearheading a revolution in artificial intelligence (AI) by redefining the landscape of data generation that will have implications for myriad industries, including security.

That’s according to GlobalData, which says substantial venture capital investments and a clear sense of direction, these startups are transforming industries, overcoming data limitations, and propelling AI innovation to new heights,

Kiran Raj, Practice Head of Disruptive Tech at GlobalData, said: “Synthetic data startups are breaking through the shackles of data quality and regulation, becoming the trusty substitutes for AI training. As the demand for reliable, cost-effective, time-efficient, and privacy-preserving data continues to accelerate, startups envision a future powered by synthetic data, ushering a new era of machine learning progress. The continuous exploration and innovation in this space promise exciting opportunities and transformative impact on AI development in the years to come.”

Shagun Sachdeva, Project Manager of Disruptive Tech at GlobalData, added: “The bullish investment landscape, expanding use cases across industries, and the ongoing AI advancements flowing to downstream tasks signify that we are merely scratching the surface of what synthetic data can truly achieve. Ranging from financial services and healthcare to automotive and retail sectors, GlobalData expects more remarkable innovations and transformative impacts across industries in the realms of synthetic data, which bodes well for the startups working in the space.”

GlobalData’s Innovation Radar report, Startup Series – Synthetic Data – The Master Key to AI’s Future, highlights the dynamic application landscape of synthetic data by startups across sectors.


Synthetic data in healthcare enables privacy-preserving research, improves AI model training by augmenting real patient data, and supports simulation and training for medical professionals. It also aids in drug discovery, clinical trials, and optimizing healthcare systems for enhanced patient care. Aindo, Betterdata, and Gretel are some of the synthetic data startups addressing the needs of healthcare sector.

Financial services

Synthetic data offers significant advantages in financial services, including fraud detection, customer analytics, regulatory compliance, portfolio management, cybersecurity, and chatbot training. By harnessing the power of synthetic data, financial institutions can enhance operational efficiency, mitigate risks, personalize services, and drive innovation in a privacy-conscious manner. Clearbox, Hazy, and Diveplane are some of the synthetic data startups that offer solutions for financial service sector.


Synthetic data plays a vital role in the automotive sector, particularly in autonomous vehicle development, virtual testing, driver assistance systems, design optimization, HMI development, and traffic simulation. By leveraging synthetic data, automotive companies can accelerate innovation, improve safety, optimize manufacturing processes, and enhance the overall driving experience. Rendered AI, Anyverse, and Sky Engine AI are some of the synthetic data startups catering the needs of automotive sector.


Synthetic data in the retail sector enables accurate demand forecasting, personalized marketing, optimized pricing, improved store layouts, fraud detection, and enhanced customer service. By leveraging synthetic data, retailers can make data-driven decisions, enhance customer experiences, and optimize operations for business growth. Betterdata, Zumo Labs, and Synthesis AI are some of the synthetic data startups that offer solutions for retail sector.


It’s not difficult to see how applications of the above in the security space could have a significant impact, not just in terms of data security, but also in planning crowd control scenarios or training.

Sachdeva concluded: “Despite the considerable attention and substantial investment in synthetic data, user skepticism, dependency on real data, and lack of standards, trust and awareness can hinder the acceptance. As we closely monitor this evolving landscape, it will be interesting to watch startups within synthetic data space addressing these challenges and offering solutions that will mold the future trajectory of AI.”

Image by Brian Merrill from Pixabay