CFOtech US - Technology news for CFOs & financial decision-makers

Cyberattacks: A ticking time bomb for financial stability?

Yesterday

No industry is at greater threat of cyberattacks than the financial sector. 

According to the IMF's Global Financial Stability Report, the sector is affected by nearly one in five of all reported cyber incidents globally. Financial services organizations have suffered some $12 billion in losses over the course of the last two decades, and $2.5 billion since 2020.

As the world's largest economy, the US continues to bear the brunt of the most significant attacks. Indeed, the largest data breach involving any bank in 2024 impacted Evolve Bank & Trust, with the names, Social Security numbers, Evolve account numbers, dates of birth and contact information of 7.6 million people having been compromised. And just over a year ago, LoanDepot experienced the largest data breach of any financial services company, impacting 16.9 million people.

It's hardly surprising that threat actors continue to focus on attacking financial firms; these organizations are entrusted with vast amounts of highly sensitive data and substantial financial assets. 

What is a growing concern, however, is the increasing sophistication of the techniques that highly organized criminal gangs are now using.

IMF: Sophisticated cyber threats may erode trust in financial systems

In a highly digitized world, almost all major financial firms are now reliant upon third-party IT service providers, leveraging key technologies and platforms to enhance their operational efficiencies and improve their service delivery. 

This is a necessity in the modern era. However, it's equally vital that organizations recognize the vulnerabilities these partnerships create, with supply chain attacks now growing in prevalence. Back in 2023, for example, we saw how a ransomware attack on a cloud IT service provider caused simultaneous outages at 60 US credit unions.

At the same time, security professionals now confront another difficult task: mitigating the potential cyber threats associated with generative AI.

Notably, the US Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) issued an alert in November 2024, specifically warning financial institutions about the growing use of deepfake media by criminals targeting financial institutions and their customers.

"While GenAI holds tremendous potential as a new technology, bad actors are seeking to exploit it to defraud American businesses and consumers, to include financial institutions and their customers," said FinCEN Director Andrea Gacki. 

It is novel technologies and new threats like these that are enabling cybercriminals to target highly lucrative victims, such as financial firms.

It's not just about the implications of breaches themselves. The IMF argues that such incidents can threaten financial and economic stability by eroding confidence in financial systems, disrupting critical services, and damaging other critical national industries.

"A severe incident at a financial institution could undermine trust and, in extreme cases, lead to market selloffs or runs on banks," the IMF states. "Although no significant 'cyber runs' have occurred thus far, our analysis suggests modest and somewhat persistent deposit outflows have occurred at smaller US banks after a cyberattack."

Don't let compliance be a box-ticking exercise

Given the extent of the potential impacts of these threats – both to banks and their customers in relation to individual data breaches, and on a broader basis to financial systems as a whole – it's easy to see why increasingly stringent regulations are being placed on US financial firms, from the CFPB to the PCI Security Standards Council and PCAOB.

Yes, the compliance burden is growing. Yet financial firms must not treat their alignment with their requirements as a box-ticking exercise. Today, more than ever before, industry players must take a proactive approach to security, using these regulations and other key international standards as guidelines for establishing robust cyber defenses.

It's vital to understand that cybersecurity improvements aren't a case of "one and done". They must be a continual, ever-evolving effort, with constant tweaks required to ensure that the fundamentals of successful security – be it patching, encryption or otherwise – are watertight.

While processes might be in place, if they are not followed meticulously, then gaps will emerge, and potential risks will heighten. Therefore, continual training and awareness efforts are vital to ensure that proper process and effective security become truly habitual.

In addition, companies must continually look ahead, making sure that they stay abreast of evolving threats, monitoring the evolution of technologies to ensure that they stay one step ahead of cybercriminals wherever possible. For example, with quantum computing poised to render passwords breakable within minutes, firms must consider adapting their defenses, leaning more heavily into solutions such as multi-factor authentication and passwordless solutions.

Continually scrutinize solutions and embrace expertise

This might all appear to be quite doom-mongering and daunting, but with the right vendors and partners, financial firms will be able to protect themselves properly with relative ease. 

With that said, effective security is not a case of working with every possible partner and acquiring every new solution that comes to market. There's a balance to strike, and you can easily find yourself in a position where you have too much.

More solutions require more personnel and more resources, and that can quickly spiral, creating question marks over cost and value in what is already a difficult economic environment. It's therefore important to continually evaluate your security stack, scrutinizing each and every solution and capability to ensure that it truly adds value.

Do certain solutions overlap? Can the capabilities from three different platforms be provided by one? Any security partner worth having will be able to help you answer these key questions so that you can optimize and bolster your security with the right solutions, focusing on effectiveness rather than sheer quantity. 

While financial firms generally have fewer worries about budgets, proper security doesn't have to come with an exorbitant price tag. 

With the right expertise and resources deployed in the right way, the performance of financial sector security can become optimized, effectively protecting against novel threats in a rapidly escalating cyber risk landscape.
