
Global Financial Sector Grapples with Unprecedented Surge in Cyber Threats, KnowBe4 Report Finds
The global financial sector is under siege. A new report from KnowBe4, a leading cybersecurity platform specializing in human risk management, reveals an alarming escalation in cyber threats targeting financial institutions. The “Financial Sector Threats Report” provides a sobering analysis of the challenges facing banks, investment firms, and other financial entities as they navigate a landscape increasingly dominated by AI-driven attacks, credential theft, and supply chain vulnerabilities.
According to the report, financial institutions are experiencing up to 300 times more cyberattacks annually than other industries, with intrusion attempts surging by 25% year-over-year in 2024 alone. Perhaps most concerning, nearly 45% of employees at large financial institutions are susceptible to phishing attacks, creating significant entry points for threat actors. This susceptibility underscores the critical role that human error plays in enabling cybercrime—a fact that adversaries are exploiting with increasing sophistication.
A Perfect Storm of Cybersecurity Challenges
The report paints a grim picture of the current state of cybersecurity in the financial sector. In 2024, 97% of major U.S. banks reported third-party breaches, while 100% of Europe’s top financial firms experienced supplier-related breaches. These statistics highlight the growing vulnerabilities within vendor ecosystems, which are increasingly being targeted by cybercriminals as weak links in the security chain.
Adding to the complexity, attackers are leveraging advanced tools such as FraudGPT and voice-cloning services such as ElevenLabs to craft highly convincing phishing campaigns. These AI-powered tools enable criminals to bypass traditional defenses by mimicking legitimate communications with startling accuracy. Moreover, there has been a notable shift away from traditional ransomware tactics toward data exfiltration and multi-stage extortion schemes. By stealing valid credentials and infiltrating systems undetected, attackers can operate for extended periods without triggering alarms, making detection far harder.
The implications of these trends are staggering. According to Federal Reserve Bank of New York Staff Reports, even a single day’s disruption in payments caused by a cyberattack could impact 38% of network banks globally, underscoring the systemic risks posed by these threats.
Key Insights from the Report
The findings in KnowBe4’s report are both comprehensive and alarming:
- Volume of Attacks: Financial service firms face up to 300 times more cyberattacks annually compared to other industries.
- Third-Party Breaches: Nearly all (97%) of the largest U.S. banks suffered third-party breaches in 2024, while European counterparts fared no better, with 100% reporting supplier-related compromises.
- Credential Theft Dominance: Analysis of over three million dark web posts revealed that listings of stolen credentials far outnumber those for stolen credit card data. Infostealer infection attempts surged by 58% in 2024, with 68% of attacks originating via email.
- Geographic Hotspots: The U.S. accounts for 60% of all ransomware attacks targeting financial institutions, with the U.K. following closely behind. Together, these two countries represent over 70% of total attacks, though emerging markets in South Asia and Latin America are seeing rising activity.
- Human Vulnerability: Large financial institutions recorded initial Phish-prone™ Percentage (PPP) rates of 44.7%, indicating nearly half of employees were likely to fall for phishing scams. However, comprehensive security awareness training reduced susceptibility to below 5%, demonstrating the potential for improvement through education.
The Human Factor: A Double-Edged Sword
James McQuiggan, Security Awareness Advocate at KnowBe4, emphasized the pivotal role humans play in cybersecurity. “Adversaries are gaining an advantage against the financial sector,” he said. “Traditional defenses are no longer sufficient, and threat actors have discovered that stealing valid credentials is far more effective than deploying ransomware because it allows them to move undetected. Ultimately, the battle comes down to the human level. Financial institutions must prioritize human risk management to close this critical security gap.”
McQuiggan’s comments reflect a broader industry consensus: while technological safeguards remain essential, addressing human vulnerabilities is equally—if not more—important. Employees are often the weakest link in the security chain, but with proper training and awareness programs, they can become a robust line of defense.
The Path Forward: Strengthening Defenses
To combat the evolving threat landscape, financial institutions must adopt a multi-layered approach to cybersecurity. Key strategies include:
- Enhanced Vendor Risk Management: Given the prevalence of third-party breaches, organizations should conduct rigorous assessments of their vendors’ security practices and implement stricter contractual requirements for compliance.
- AI-Powered Defense Mechanisms: As attackers leverage AI tools, defenders must do the same. Advanced monitoring systems capable of detecting anomalies and unusual behavior patterns can help identify breaches earlier.
- Employee Training Programs: Comprehensive security awareness training is proving to be one of the most effective ways to reduce phishing susceptibility. Institutions should invest in regular, engaging training sessions to keep employees vigilant.
- Zero Trust Architecture: Implementing zero trust principles means that every user and device must verify its identity before each access to sensitive data, rather than being trusted by default, which reduces the risk of credential-based attacks.
- Collaboration Across Borders: Given the global nature of these threats, international cooperation among governments, regulators, and private-sector stakeholders is crucial to developing unified responses to cybercrime.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization’s biggest asset. More info at knowbe4.com.