
Financial firms face 25% surge in advanced cyberattacks in 2024
A new report by KnowBe4 highlights significant cyber risks currently impacting the global financial sector.
The Financial Sector Threats Report details a sharp increase in cyberattack frequency, with financial service firms worldwide experiencing up to 300 times more attacks annually than organisations in other industries. The report registers a 25% increase in intrusion events for the sector in 2024 compared to the previous year.
Third-party breach issues
The findings show almost all (97%) of the largest banks in the United States suffered breaches linked to third-party vendors during 2024. In Europe, a similar pattern emerges, with 100% of the continent's top financial firms reporting supplier breaches, underscoring ongoing vulnerabilities within the sector's vendor ecosystems.
The report draws attention to the magnitude of systemic risk, referencing Federal Reserve Bank of New York analysis that a single day's disruption in payments by major banking organisations could impact 38% of related network banks globally. This highlights the interconnected nature of the sector and its susceptibility to wide-ranging consequences in the event of a security incident.
Evolving threats and attack strategies
Researchers found that cybercriminals are rapidly adapting their methods, leveraging artificial intelligence (AI) tools such as FraudGPT and ElevenLabs to develop more convincing phishing emails and campaigns. According to the report, attackers are shifting away from traditional ransomware schemes, instead focusing more on data exfiltration and multi-stage extortion using stolen credentials.
Over three million posts analysed from the dark web reveal that the sale of stolen credentials now significantly outpaces credit card theft. Infostealer infection attempts were reported to have risen 58% in 2024. Additionally, 68% of attacks tracked originated from email-based vectors.
Suspicious email and phishing susceptibility
Within large financial institutions, testing indicated that 44.7% of participating employees were initially likely to click on malicious links or download infected files, presenting multiple points of entry for threat actors. KnowBe4's research suggests that, through ongoing security awareness training, institutions can reduce this rate of susceptibility to below 5%.
Adversaries are gaining an advantage against the financial sector. Traditional defenses are no longer sufficient, and threat actors have discovered that stealing valid credentials is more effective than ransomware because it allows them to move undetected. The battle comes down to the human level. Financial institutions must prioritize human risk management to close this critical security gap.
The report also reveals that the United States accounts for 60% of all ransomware attacks against global financial institutions. Together with the United Kingdom, the two countries represent over 70% of attacks, while emerging markets in South Asia and Latin America are increasingly being targeted.
Phishing trends and employee vulnerability
Concern about phishing remains high. The report's analysis of tests in large financial institutions found that nearly 45% of employees were likely to fall victim to phishing campaigns. The research ties this risk to the expanded use of AI by attackers and an increasing focus on acquiring and misusing valid credentials, which raises the risk of attackers moving within compromised networks undetected.
The continual evolution of cyber threats and the rise in multi-stage extortion tactics are also highlighted in the findings. This shift lets attackers forgo traditional encryption-based ransomware in favour of exfiltrating data, increasing the complexity and potential impact of breaches.
The data compiled by KnowBe4 reinforces the challenges facing the financial sector, particularly as cybercriminals grow more adept at bypassing conventional security measures and exploiting supply chain vulnerabilities.
The report concludes that security awareness initiatives remain an essential defensive measure, with comprehensive training shown to mitigate human error and reduce the risk associated with phishing attacks.