SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Tense hooded figure dark room binary code shadowy office workers risk
#
Ransomware
#
Phishing
#
Advanced Persistent Threat Protection

Financial sector faces surge in cyberattacks & human risk

Thu, 4th Sep 2025
Author image
By Shannon Williams, Journalist

New research has revealed that the global financial sector is experiencing a significant increase in cyber threats, with major institutions facing surging volumes of sophisticated attacks and heightened vulnerability to phishing and credential-based intrusion attempts.

The "Financial Sector Threats Report" from KnowBe4 highlights that financial service firms globally face up to 300 times more cyberattacks annually compared to other industries, with a 25% year-on-year rise in intrusion events expected for 2024. This continues a trend of mounting challenges for the sector as attack strategies evolve and target both organisations and their employees.

Human risk

The report's findings suggest a growing concern about the human factor in cyber risk. Tests across large financial institutions found nearly 45% of employees were likely to click on malicious links or download infected files. This high level of susceptibility creates significant entry points for attackers, enabling more effective penetration of corporate networks.

"Adversaries are gaining an advantage against the financial sector," said James McQuiggan, Security Awareness Advocate at KnowBe4. "Traditional defenses are no longer sufficient and threat actors discovered stealing valid credentials is more effective than ransomware because it allows them to move undetected. The battle comes down to the human level. Financial institutions must prioritise human risk management to close this critical security gap."

In tandem with these internal risks, the research shows that external threats are also escalating, particularly through more convincing phishing campaigns. These campaigns, often underpinned by AI tools like FraudGPT and ElevenLabs, have shifted the nature of attacks away from classic ransomware to strategies focused on data exfiltration and multi-stage extortion. Attackers increasingly use legitimate credentials to remain undetected within financial networks.

Global exposure

The report details that, in 2024, 97% of the largest US banks experienced third-party breaches, while all of Europe's leading financial firms reported supplier breaches. The vulnerabilities exposed in vendor and supply-chain ecosystems have become a critical concern for financial sector resilience, as attackers exploit connections between organisations and their external partners.

On a global scale, the US and UK accounted for over 70% of tracked attacks. In the Asia-Pacific (APAC) region, reported attack rates have remained lower than in Western markets, though Indonesia (5.81%), India (4.65%), China (2.33%), and Japan (1.16%) were identified as the most targeted countries in APAC. The report cautioned that institutions in these regions cannot afford to ignore the risks already impacting Western counterparts, especially with rising attack volumes.

Payment system risks

The potential consequences of these cybersecurity challenges for critical financial infrastructure have also been outlined. Referencing analyses by the Federal Reserve Bank of New York, the research notes that even a single day's disruption in global payments systems at major banks could impact 38% of network banks around the world, underscoring the interconnected risks inherent in the sector.

Changing attack methods

KnowBe4's report analyses over three million dark web posts and highlights a rise in the use of stolen credentials, with infostealer infection attempts increasing by 58% in 2024. Email remains the dominant attack vector, with 68% of incidents traced back to malicious email campaigns targeting employees and systems.

Mitigation strategies

The report states that initial Phish-proneTM Percentage (PPP) rates in large financial institutions stand at 44.7%. However, with comprehensive security awareness training, phishing susceptibility can be reduced to below 5%. This finding indicates a clear, actionable route for organisations seeking to build cyber resilience and manage human risk more effectively.

The analysis concludes that while technology-based threats are evolving rapidly, human error and awareness remain at the centre of the cybersecurity challenge facing the financial sector. As threat actors shift their strategies to evade detection and exploit new vulnerabilities, sustained investment in employee training and risk reduction is outlined as a foundational element for defending against systemic disruption.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Eugene Donovan rejoins Gallagher Security as Training Solutions Engineer
TeamViewer unveils Agentless Access for secure industrial control
Falco integrates Stratoshark for faster forensic cloud security
Fortinet unveils Secure AI Data Centre to protect large models
Bitdefender unveils Security Data Lake to cut alert overload

Top stories

AI & phishing attacks highlight human risk in Australian fraud
Synology unveils PAS7700 NVMe storage to meet AI data surge
Exclusive: Coevolve's Tim Sullivan warns firms on AI connectivity gap
Financial firms struggle to fully scale AI amid data silos & security
Datadog launches cloud storage tool to tackle rising AI costs