CFOtech UK - Technology news for CFOs & financial decision-makers
United Kingdom

Guides

#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
health technologies

Search

Bank building shadowy figures with laptops phishing hooks targeting employees illustration
#
Ransomware
#
Phishing
#
Advanced Persistent Threat Protection

Financial sector faces 25% jump in cyberattacks, led by phishing

Yesterday
Author image
By Melania Watson, Interview Editor

KnowBe4 has released its latest research highlighting the growing cybersecurity threats facing the global financial sector.

The "Financial Sector Threats Report" details a sharp rise in cyberattacks targeting financial service providers, including banks and payment systems worldwide.

 According to the research, firms in the financial sector suffer nearly 300 times more cyberattacks each year compared to organisations in other industries, with a notable increase in incident volume over the past year.

Escalating attack frequency

The report indicates a 25% year-on-year increase in intrusion events for 2024, signalling a significant escalation in the intensity of attacks. In addition, data gathered from tests in large financial organisations showed that about 45% of employees were likely to click on a malicious link or download an infected file, illustrating the continued role of human error as a weak point in cyber defences.

The United States and the United Kingdom remain primary targets, accounting for more than 70% of all attacks worldwide. However, the Asia-Pacific region is also seeing growing activity. Indonesia was identified as the most targeted country within APAC, with 5.81% of attacks, followed by India at 4.65%, China at 2.33%, and Japan at 1.16%. While the proportion is lower than Western markets, this trend reflects a strategic expansion by threat actors in the region.

Vulnerabilities and methods

Third-party and supplier breaches emerged as a critical issue in the findings. Nearly all (97%) of the major US banks suffered third-party breaches in 2024, while all major European financial institutions experienced supplier-related incidents. These breaches illustrate the systemic risks associated with interdependent vendor ecosystems and raise concerns for financial institutions in APAC that may face similar exposure.

The report also notes a shift in attacker tactics. Threat actors have increasingly moved away from traditional ransomware - which typically locks systems via encryption - toward methods focused on data exfiltration and multi-stage extortion. The use of legitimate, stolen credentials allows attackers to move more freely within targeted systems, often evading detection for longer periods.

James McQuiggan, Security Awareness Advocate at KnowBe4, commented on the risks posed by evolving attacker methods:

"Adversaries are gaining an advantage against the financial sector. Traditional defenses are no longer sufficient and threat actors discovered stealing valid credentials is more effective than ransomware because it allows them to move undetected. The battle comes down to the human level. Financial institutions must prioritise human risk management to close this critical security gap."

The increased use of artificial intelligence by attackers was also highlighted, with malicious actors employing tools such as FraudGPT and ElevenLabs to carry out more convincing phishing campaigns. Analysis of dark web posts found stolen credentials now far outstripping credit card theft, and infostealer infection attempts rising by 58% in 2024. Of all attacks, 68% originated from email communication.

Critical impacts

The operational risk posed by these attacks is significant.

According to a staff report from the Federal Reserve Bank of New York cited in the study, even a single day's disruption in payments by major banks could impact 38% of other network banks globally. This points to the cascading consequences that targeted cyber incidents could have throughout the worldwide financial network.

Mitigating human risk

KnowBe4's research points to the importance of comprehensive security awareness training as a key factor in reducing risk. The report found that while the initial Phish-prone Percentage (PPP) among employees at large financial institutions averaged 44.7%, robust training programmes could reduce this susceptibility to below 5%.

These findings underscore the financial sector's ongoing struggle to improve its resilience against cyber threats - particularly those exploiting human vulnerabilities - and the rising importance of layered defence strategies.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Financial firms face 25% surge in advanced cyberattacks in 2024
FCA pension transfer review urges balance between speed & safety
AI adoption surges among non-graduate workers in global south
Hexaware launches Agentic AI Academy to upskill global workforce
Holland & Barrett saves 3,000 hours with AI for data requests

Top stories

UK banks frustrated by cloudwashing in core banking adoption
AccountsIQ integrates non-financial KPIs for unified reporting
Certes warns UK executives face liability as data breach risks rise
Generative AI transforms Women's Rugby World Cup broadcasts
China-nexus hackers exploit cloud trust links in high-profile cyberespionage