The financial sector is rapidly moving into a more digital and interconnected era, driven by cloud technology, open data sharing, and artificial intelligence. But as banks and insurers innovate, they are also exposing themselves to rising cyber risks. According to recent industry findings, organizations in banking, financial services, and insurance now spend about $1.2 million a year on cybersecurity, yet the price of a major breach can reach $3.2 million, highlighting the growing cost of underestimating digital threats.
Several major technology shifts are transforming the industry. Open Banking APIs are making services more customer-centric but also creating new potential entry points for attackers. Banking-as-a-Service, which allows companies to launch financial products using third-party infrastructure, brings speed and convenience while introducing shared-risk vulnerabilities that can spread across partner networks.
Embedded finance is weaving payments and lending directly into retail and delivery apps, expanding beyond traditional security controls and requiring more continuous monitoring. Cloud migration is helping institutions scale quickly, but concerns about misconfigurations and unclear security responsibilities have made cloud adoption one of the top cybersecurity worries for financial leaders. Meanwhile, artificial intelligence has become nearly universal across the sector, improving efficiency and risk assessment even as it introduces new threats such as manipulated models, synthetic fraud, and AI-powered phishing.
These innovations are strengthening the industry but also widening the attack surface. In 2024, financial institutions faced a surge in cyber incidents, with ransomware accounting for 42 percent of attacks and phishing making up 24 percent, often aimed directly at banking customers. Human error remained a major problem, responsible for more than a quarter of all breaches, while infostealer malware continued to spread, with one in fourteen infections leaking payment card data.
Behind these everyday threats, sophisticated advanced persistent threat groups continued targeting financial institutions worldwide, exploiting zero-day vulnerabilities and supply-chain weaknesses. Even widely used tools were affected, including a zero-day browser flaw that opened the door to targeted attacks.
Last year, the sector accounted for 18 percentof all reported security incidents, facing everything from public service disruptions to breaches that went undetected for weeks.
To counter this expanding threat landscape, financial institutions are adopting more strategic, holistic cybersecurity approaches. Many are beginning with wide-ranging audits of their infrastructure to uncover vulnerabilities before attackers do, often aided by external specialists who bring independent insight. Institutions are also investing in advanced security platforms that integrate monitoring, detection, and rapid response across all business units, ensuring threats can be identified and contained quickly.
Continuous learning is becoming essential as well, with organizations relying on real-time threat intelligence and frequent employee training to strengthen their first line of defense.
Cybersecurity providers with deep experience in the financial sector—such as Kaspersky—are increasingly supporting these efforts, helping banks and insurers stay compliant, reduce financial risk, and protect their operations.
As the industry continues to innovate, experts stress that long-term success will depend not just on adopting new technologies, but on building resilient systems capable of defending against threats that evolve just as quickly.
