Press ReleaseArtificial IntelligenceCyber Crime & Forensic

KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge

Research Shows Financial Institutions Experience Up to 300 times More Cyberattacks Than Other Sectors, with Large Banks Reporting 45% of Employees Susceptible to Phishing Attacks

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, has released its latest research paper Financial Sector Threats Report, uncovering critical insights into the escalating cybersecurity crisis facing the global financial sector. The report shows that financial institutions face a perfect storm of Artificial Intelligence (AI)-enhanced attacks, credential theft, and supply chain vulnerabilities that pose systemic risks to the global financial industry.

The research reveals almost all (97%) of major U.S. banks experienced third-party breaches in 2024, while targeted intrusions against financial institutions increased by 109% year-on-year. Most concerning, tests in large financial institutions found that nearly 45% of employees were likely to click on a malicious link or download an infected file, creating entry points for threat actors. The report highlights how threat actors are leveraging AI tools like FraudGPT and ElevenLabs to create more convincing phishing campaigns, while simultaneously moving away from traditional ransomware encryption toward data exfiltration and multi-stage extortion schemes. This evolution allows attackers to use legitimate credentials, making detection significantly more challenging.

According to Federal Reserve Bank of New York Staff Reports, even a single day’s disruption in payments by major banks could affect 38% of network banks globally.

What Precisely Did KnowBe4 Uncover?

Key findings from the KnowBe4 report include:

  • Financial service firms globally experience up to 300 times more cyberattacks annually than other industries, with a 25% year-on-year increase in intrusion events for 2024.

  • 97% of the largest U.S. banks suffered third-party breaches in 2024, while 100% of Europe’s top financial firms suffered supplier breaches, highlighting vulnerabilities in vendor ecosystems.

  • Analysis of over three million dark web posts shows stolen credentials far outpace credit card theft; infostealer infection attempts increased 58% in 2024, and 68% of attacks originated from email.

  • The U.S. and U.K. together represent over 70% of attacks. In the APAC region, Indonesia (5.81%), India (4.65%), China (2.33%), and Japan (1.16%) have been strategically targeted, but at much lower rates than Western targets.

  • Large financial institutions show 44.7% Phish-prone™ Percentage (PPP) rates initially, but comprehensive security awareness training reduces phishing susceptibility to below 5%.

“Adversaries are gaining an advantage against the financial sector,” said James McQuiggan, security awareness advocate at KnowBe4. “Traditional defences are no longer sufficient, and threat actors discovered stealing valid credentials is more effective than ransomware because it allows them to move undetected. The battle comes down to the human level. Financial institutions must prioritise human risk management to close this critical security gap.”

Download the full KnowBe4 report Financial Sector Threats: The Shifting Landscape here.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *