Following the Money: Banking and Cybercrime in 2025

The banking industry is a prime target for cybercriminals. Hackers can win lucrative sums, steal customer data, and even destabilize economies.

And it happens all too frequently. Whether it’s a data breach at Santander, or a cyber heist at multiple Czech banks, cybercrime in banking systems is on the rise.

Let’s explore some emerging trends and case studies in the banking sector—along with some cybersecurity measures that could turn the tide.

1. Do banks have good cybersecurity?

It depends on the size of the bank. Generally, larger institutions have strong cybersecurity measures in place.

However, adherence to minimum cyber resilience standards has dropped by 30% in smaller and medium enterprises. And a McKinsey & Company report found that most financial firms feel they underspend on cybersecurity.

Above: A graph showing underspending on cybersecurity in banking. Source: McKinsey & Company.

Due to the interconnectivity of banking networks, one weak link could compromise the whole system. For instance, a study found that 38% of the US finance network could be disrupted by an attack on one of its top 5 banks.

And, a cyberattack could take many forms, since the financial industry has a range of vulnerabilities, including:

  1. Outdated infrastructure and legacy systems: Older technology is expensive to upgrade, and it’s also harder to secure against malware and other cybersecurity risks.
  2. Strict regulatory compliance measures: Stringent regulations can sometimes slow the advancement of new cyber security policies.
  3. Lack of focus on the external attack surface: In some instances, banks are overly focused on their internal systems, without securing their public-facing digital assets with an external attack surface management (EASM) tool, such as CybelAngel.

So, while larger banks have improved their cybersecurity initiatives, the wider industry is still at risk—and this could still compromise the entire financial system.

2. What are the most common cyber attacks on banks?

Most cyberattacks are financially motivated, so information security in banks is paramount. The digital transformation of the banking sector, including the rise of online and digital banking apps and other Fintech applications, has multiplied the vulnerabilities that hackers can exploit.

Some of the most prevalent cyber attack vectors impacting banks include:

  1. Phishing attacks: Sophisticated phishing campaigns aim to trick employees or customers into revealing login credentials or sensitive information, facilitating unauthorized access, account takeovers, identity theft, or data breaches.
  2. Ransomware attacks: Malicious encryption of critical financial data and systems, followed by ransom demands, can cripple bank operations and lead to significant financial losses and reputational damage.
  3. Distributed Denial of Service (DDoS): Overwhelming servers with traffic from multiple sources can disrupt online banking platforms and services, impacting customer experience and revenue streams.
  4. Account takeover: Customer accounts compromised through credential stuffing or other techniques enable fraudulent transactions, money laundering, and theft of sensitive data.

So, what is the scope of cybersecurity risks in the financial sector? What does the threat landscape look like for 2025? Let’s unpack 7 core insights that every information security team should know.

Ransomware attacks on the financial industry are increasing

In their 2024 report, CybelAngel found that the average recovery cost of a ransomware attack is $1.82 million (not counting the ransom fee itself).

And, according to a Statista report, there has been a 91% increase in ransomware attacks on finance organizations since 2021. This puts banking providers under pressure to boost their IT security systems, or pay a hefty price later on.

Above: Graph showing that ransomware attacks have increased from 35% of financial organizations in 2021, to 65% in 2024. Source.

Data violation from cyberattacks has increased by 333% since 2019

The financial services industry has reported 744 cases of data violation this year due to cybercrime, whereas in 2019, there were only 172 cases.

With the rise of malware, scams, and other advanced persistent threats, banks are vulnerable to losing sensitive data at any time. Information security teams and CISOs should follow this PII data leak checklist to safeguard their digital assets.

Above: A graph showing that data security loss in the finance industry has increased since 2019. Source.

Banks have the second-highest count of data violations

Since 2021, the financial sector has the second-highest count of data violations due to cyberattacks—second only to the healthcare industry. With ample amounts of sensitive financial data for hackers to exploit, from credit card details to social security numbers, the industry will always be a top target for cybercrime.

Report showing that the financial sector has the second-highest number of data breaches due to cyberattacks. Source.

Credit card fraud is the most frequently encountered cybercrime that Americans experience. Cybercriminals might try to steal credit card details in many ways, including smishing, phishing, and vishing.

Graph showing that credit card fraud is the most common financial cybercrime in America. Source.

Banks are prioritizing regulatory compliance and security measures

McKinsey & Company found that, to level up their cybersecurity solutions, banks are counting on risk management tools and regulatory compliance, while learning from audits and incident response plans is less of a motivator.

Report showing the top cybersecurity priorities for financial organizations. Source.

Artificial intelligence can compromise data security

In an age of AI and machine learning, cybersecurity for banks can be compromised in a whole new range of ways. For instance, cybercriminals can use AI to simulate realistic emails or messages.

But sensitive data can also be unwittingly shared by bank employees, who might be using AI to simplify their workflows. Because of this, several major banking groups, including JPMorgan and Goldman Sachs, have banned their employees from using ChatGPT.

Charts showing the transmission of sensitive data via ChatGPT. Source.

Cryptocurrency hackers stole $1.7 billion last year

A Reuters report found that cybercriminals stole $1.7 billion in cryptocurrency funds in 2023. While this is 54% less than the year before, the number of individual crypto hacking incidents has nonetheless increased.

4. High-profile cyber incidents in financial services

From supply chains to national economies, here are some examples of everything that can go wrong when cybersecurity in financial sector organizations is compromised.

A McKinsey & Company infographic showing major cyber incidents between 2007–2023. Source.

Santander

In May 2024, hackers announced that they had stolen data, including 30 million people’s bank details, and were posting it for sale. While Santander didn’t confirm the validity of these figures, they did acknowledge that data had been stolen.

Ongoing Operations

This third-party provider suffered a ransomware attack that compromised around 60 credit unions in December 2023. This shows how supply chains and third-party risks can compromise any banking system—regardless of how secure its internal processes are.

The Czech banking system

In 2023, Russian hackers targeted the Czech banking sector and stock exchange with a DDoS attack in retaliation for the country's support of Ukraine. While profit can be a major motivator for cyber gangs, political activism can also play a role.

Bank of America

In November 2023, the LockBit ransomware group exposed the personal information of approximately 57,000 Bank of America customers, via one of their service providers, Infosys McCamish Systems. Even worse, Forbes reported that customers weren’t made aware of the data breach until February 2024.

Evolve Bank & Trust

In another attack associated with LockBit in February 2024, the US banking-as-a-service company Evolve suffered a data breach that affected at least 7.6 million people. Affected customers were offered free 24-month credit monitoring and identity theft protection.

Industrial and Commercial Bank of China Ltd

Even Wall Street isn’t immune. The broker-dealer of China’s largest bank suffered a ransomware attack in November 2023. According to Reuters, it was temporarily left owing $9 billion, a much higher figure than its net capital.

Travelex

Foreign currency orders had to be suspended at Lloyds, Barclays and the Royal Bank of Scotland, following a ransomware attack on Travelex in January 2020. Travel money services were disrupted, and an anonymous employee spoke of “a distinct lack of real leadership and communication” within the organization.

5. What are the main cybersecurity regulations in the financial sector?

According to the World Economic Forum, the main regulatory challenge for banks is that there are too many—and sometimes conflicting—policies to stick to.

Barriers to complying with regulations, as shown by the World Economic Forum’s Global Cybersecurity Outlook Report. Source.

Here are 9 cybersecurity regulations that affect financial institutions in the US, Europe, and the wider world.

  1. Gramm-Leach-Bliley Act (GLBA): This US law requires financial institutions to be transparent about their information-sharing practices and to protect sensitive data.
  2. Bank Secrecy Act (BSA)/Anti-Money Laundering (AML): BSA includes requirements for financial transparency and to deter and detect those who seek to misuse the U.S. financial system.
  3. Cybersecurity Information Sharing Act (CISA): Encourages the sharing of cybersecurity threat information between the US government and private entities, including financial institutions.
  4. Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Guidance: FFIEC provides frameworks for financial institutions to improve their cybersecurity awareness.
  5. Securities and Exchange Commission (SEC): The SEC enforces cybersecurity policies for publicly traded companies and investment firms, including reporting requirements for cybersecurity incidents.
  6. General Data Protection Regulation (GDPR): GDPR impacts financial institutions due to its strict requirements on data protection for EU residents.
  7. Digital Operational Resilience Act (DORA): DORA requires EU finance firms (and their vendors) to follow standardized cybersecurity policies.
  8. Financial Conduct Authority (FCA) Cybersecurity Guidelines: The FCA enforces cybersecurity standards for 56,000 financial firms, focusing on creating a “security culture in firms of all sizes.”
  9. ISO/IEC 27001: An “international standard for information security management systems (ISMS).” An ISO 27001 certification is a globally recognized standard to show that an organization is following the best information security practices.

There are many more regulations governing information technology in financial services, and compliance can be challenging due to the multifaceted requirements of all the different policies.

6. Does the FDIC cover cyber-attacks?

The Federal Deposit Insurance Corporation (FDIC) insures deposits and supervises financial institutions in the United States. However, it does not protect against “losses due to theft or fraud”, which are typically associated with cybercrime.

Every financial institution is responsible for ensuring it has adequate cyber insurance measures in place. However, in reality, this can vary depending on whether the organization is high-revenue or low-revenue. Look at the data shown by the World Economic Forum below.

A World Economic Forum graph showing the organizations with cyber insurance policies. Source.

7. How can financial institutions improve their cyber resilience?

As a priority, McKinsey & Company found that most financial organizations want to improve their supply chain security.

Areas where financial services organizations feel they could improve their security standards. Source.

But there are lots of other areas where banks can boost their cyber resilience, from firewalls, to better access controls, to multi-factor authentication.

A global standard, known as the G7 Fundamental Elements of Cybersecurity for the Financial Sector, offers 8 principles for financial institutions that want to improve their security posture.

  1. Cybersecurity strategy and framework: This should be tailored to each company’s size, complexity, culture, and risk profile.
  2. Governance: Every bank should promote accountability, access to the right resources, and have specific roles. This ensures the rules of reporting and escalation are followed.
  3. Risk and control assessment: Financial institutions should be constantly evaluating their cyber risk. This should include ‘people, processes, technology, and underlying data’ in real-time.
  4. Monitoring: Banks should quickly detect cyber incidents and regularly test their security systems. For example, they can invest in EASM tools like CybelAngel to scan, prioritize, and resolve threats from the outside.
  5. Response: Financial organizations should quickly assess the ‘nature, scope, and impact’ of a cyberattack. This needs to focus on containing and mitigating the impact, and notifying the relevant stakeholders.
  6. Recovery: In the event of a breach, finance groups should restore their systems and resolve any vulnerabilities. For instance, banks can get help from providers such as CybelAngel to reduce their remediation time by 85%.
  7. Information sharing: Communication is key. Financial institutions should share ‘reliable, actionable cybersecurity information with internal and external stakeholders.’ This can keep the entire industry and governing authorities one step ahead of cybercriminals.
  8. Continuous learning: Constantly following the cybersecurity landscape will help financial institutions to anticipate and prevent future incidents.

Conclusion

The stakes are incredibly high in the financial industry. But with the right policies and frameworks, and support from cybersecurity providers, banks can push back against cybercrime.