Financial institutions are taking a more cautious path into AI because legacy identity systems are not yet built to secure autonomous agents at scale.
EMA Research’s latest survey suggests the sector’s slower rollout is less about reluctance to innovate and more about the need to modernise IAM foundations before moving AI into production.
AI adoption lags broader market
The research, titled The AI Identity Crisis: Balancing Innovation with Strict Compliance in the Financial Sector, surveyed 271 IT and security professionals and found that only 29.7% of financial organisations have AI initiatives in full-scale production, versus 40.6% across all industries.
Source: EMA Research 2026
The gap points to a more deliberate deployment strategy in banking and insurance, where compliance, customer trust and cyber risk carry outsized weight.
Identity becomes the bottleneck
EMA said 58% of respondents use three or more IAM solutions, while 51% cited rising IAM costs as their top challenge. In the financial sector specifically, 62.2% said their IAM stack needs more resilience, 59.5% said it needs stronger security, and 43.2% said it requires better compliance support.
The findings suggest the industry’s AI challenge is not just model governance, but the plumbing underneath it.
Customer and internal data exposure
The survey also found that 67.6% of financial services AI deployments access internal company data, while 64.9% access customer data. That raises the stakes for identity controls, especially as firms move from pilots to production environments and let AI agents interact with regulated workflows.
“With increasing industry regulations focused on cybersecurity, financial, and insurance, organisations are right to be cautious,” said Ken Buckler, research director for information security, risk and compliance management at EMA.
He added that “92% of organisations reported experiencing negative consequences from AI adoption” in EMA’s follow-up research in April, underscoring the importance of stronger governance.
Jeff Kukowski, chief executive of Ory, said financial institutions are “clearly being more deliberate” about production AI because existing IAM architectures were “not designed for agents securely operating at scale.”
Wider market context
The findings align with a broader industry trend: as AI becomes more agentic, organisations are increasingly treating identity as a strategic control point rather than a back-end utility.
Ory’s own materials note that non-human identities already outnumber humans by 144:1, a signal of how quickly machine access is expanding across enterprises.
For financial firms, that makes IAM modernisation a prerequisite for scaling AI safely, not an afterthought.
