Navigating Cyber 2025 Finds Heightened Cyber Threats Testing Financial Sector’s Operational Resilience

FS-ISAC, the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, has released the findings of Navigating Cyber 2025, an annual report on cyber threats and trends.

The Navigating Cyber 2025 report highlights the top cyber threats challenging the financial services sector today, including the following:

• Surging fraud and scams enabled by generative AI
• Attacks on suppliers that impact critical operations
• More opportunities for threat actors to exploit geopolitical and economic conflict and uncertainty
• Increasing sophistication of long-established attack types such as distributed denial of service (DDoS) attacks and ransomware.

Furthermore, the Navigating Cyber 2025 report also provides key predictions for 2025 and beyond, offering firms valuable insights to help strengthen their cybersecurity programs.

“The Navigating Cyber 2025 report’s findings underscore the complexity and unpredictability of today’s threat landscape,” said Steve Silberstein, CEO at FS-ISAC. “The global financial sector’s interconnectedness with the supply chain and its ongoing incorporation of emerging technologies add to the challenges. Cross-border collaboration and proactive intelligence sharing are essential to safeguarding the global financial system.”

Navigating Cyber 2025 Report Recommends Steps to Take

In order to maintain stakeholder trust and stay ahead of nimble threat actors, financial firms are expected to:

• Increase investment in fraud prevention. Threat actors are leveraging real-time payments and cryptocurrencies to make it virtually impossible to recover ill-gotten funds, prompting financial institutions to heighten their focus on fraud and scam prevention and detection. Firms will implement strategies like “smart friction,” implementing increased security measures in the user experience to slow payment authorisations. Additionally, breaking down silos between fraud and cyber teams and sharing fraud intelligence will be essential to effectively combat the cross-border, cross-sector nature of fraud.
• Leverage AI in cyber defence, while keeping up the basics. Adversaries are harnessing GenAI advancements to increase the volume and sophistication of their attacks, lowering the barrier of entry for high-impact incidents. Impersonation scams, such as deepfakes targeting C-suite executives and fake outsourced IT workers, will compel firms to prioritise foundational cyber hygiene practices, including robust employee training.
• Strengthen focus on effective third-party risk management. In 2024, multiple high-profile third-party incidents kept the sector on alert. Many institutions rely on the same service providers, increasing the likelihood of sector-level impact in the event of an attack. In addition to an increased focus on API security to minimise chances of systems access in case of third-party attacks, new resilience regulations will require more proactive monitoring of supplier security postures.
• Shorten timelines for post-quantum readiness. A spate of announcements on quantum computing advancements means that financial firms must begin the process of migrating their most vulnerable assets to crypto agile encryption algorithms that will be able to adapt quickly to the quantum age.

“The ever-changing cyber threat landscape means each year is unprecedented in nature, with threat actors leveraging every available tool to disrupt operations and undermine trust in the financial sector,” said Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director, EMEA, about the findings of the Navigating Cyber 2025 report. “To ensure operational resilience, firms must adopt a forward-looking cyber posture that incorporates proactive threat modelling, agile defence capabilities, and cross-border collaboration.”