A report by KnowBe4 highlights a dramatic increase in cyber threats targeting the global financial sector, revealing that these institutions face up to 300 times more cyberattacks than other industries.
The "Financial Sector Threats Report" indicates that large banks are particularly vulnerable, with nearly 45% of employees likely to fall for phishing attacks.
The research reveals a concerning landscape where almost all (97%) major U.S. banks experienced third-party breaches in 2024, and targeted intrusions against financial institutions surged by 109% year-over-year.
The report underscores the evolving tactics employed by cybercriminals, including the use of AI tools like FraudGPT and ElevenLabs to enhance phishing campaigns. A shift away from traditional ransomware towards data exfiltration and multi-stage extortion schemes complicates detection efforts, as attackers increasingly leverage legitimate credentials.
According to the Federal Reserve Bank of New York, even a single day's disruption in payments by major banks could affect 38% of network banks globally, demonstrating the systemic risks posed by these cyber threats.
Key findings from the report include:
- Financial service firms globally experience up to 300 times more cyberattacks annually than other industries, with a 25% year-on-year increase in intrusion events for 2024.
- 97% of the largest U.S. banks suffered third-party breaches last year, while all of Europe's top financial firms reported supplier breaches, revealing critical vulnerabilities in vendor ecosystems.
- Analysis of over three million dark web posts indicates that stolen credentials now outpace credit card theft; infostealer infection attempts increased by 58% in 2024, with 68% of attacks originating from email.
- The U.S. and U.K. account for over 70% of attacks, with the APAC region also targeted, particularly in Indonesia (5.81%) and India (4.65%), albeit at lower rates than Western countries.
- Large financial institutions exhibit a 44.7% Phish-prone Percentage (PPP), but comprehensive security awareness training can reduce this susceptibility to below 5%.
"Adversaries are gaining an advantage against the financial sector," said James McQuiggan, security awareness advocate at KnowBe4. “Traditional defenses are no longer sufficient. The battle comes down to the human level. Financial institutions must prioritise human risk management to close this critical security gap.”
As cyber threats continue to evolve, financial institutions must enhance their security strategies and invest in comprehensive training to equip their workforce against these sophisticated attacks.