KnowBe4, a cybersecurity platform focused on human risk management, has released its “Financial Sector Threats Report,” which uncovers critical insights into the escalating cybersecurity challenges facing the global financial sector. The report indicates that financial institutions are contending with a convergence of AI-enhanced attacks, credential theft, and supply chain vulnerabilities, posing systemic risks to the industry.
The research reveals that nearly all (97%) major U.S. banks experienced third-party breaches in 2024, while targeted intrusions against financial institutions increased by 109% year-over-year. In tests conducted within large financial institutions, approximately 45% of employees were initially prone to clicking on malicious links or downloading infected files, creating significant entry points for threat actors. The report highlights how attackers are leveraging AI tools such as FraudGPT and ElevenLabs to develop more convincing phishing campaigns. Concurrently, there is a noted shift away from traditional ransomware encryption towards data exfiltration and multi-stage extortion schemes, allowing attackers to utilize legitimate credentials and significantly complicate detection.
According to Federal Reserve Bank of New York Staff Reports, a disruption lasting even a single day in payments by major banks could impact 38% of network banks globally. Key findings from KnowBe4’s report include that financial service firms worldwide experience up to 300 times more cyberattacks annually than other industries, with a 25% year-on-year increase in intrusion events for 2024. Furthermore, 100% of Europe’s top financial firms suffered supplier breaches, underscoring vulnerabilities within vendor ecosystems.
Analysis of over three million dark web posts indicates that stolen credentials significantly outpace credit card theft. Infostealer infection attempts increased by 58% in 2024, with 68% of attacks originating from email. The United States accounts for 60% of all ransomware attacks against financial institutions, and when combined, the U.S. and U.K. represent over 70% of these attacks, with increasing activity observed targeting emerging markets in South Asia and Latin America. While large financial institutions initially show 44.7% Phish-prone™ Percentage (PPP) rates, comprehensive security awareness training has been shown to reduce phishing susceptibility to below 5%.
James McQuiggan, a security awareness advocate at KnowBe4, stated, “Adversaries are gaining an advantage against the financial sector. Traditional defenses are no longer sufficient and threat actors discovered stealing valid credentials is more effective than ransomware because it allows them to move undetected. The battle comes down to the human level. Financial institutions must prioritize human risk management to close this critical security gap.”
KnowBe4, which works with over 70,000 organizations globally, provides a comprehensive AI-driven platform for Human Risk Management (HRM+), designed to strengthen security culture and manage human risk through modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, and AI Defense Agents. The company aims to transform workforces from an attack surface into an organizational asset.