
KnowBe4, a leading cybersecurity platform, released its Financial Sector Threats Report on August 21, 2025, highlighting an unprecedented surge in cyberattacks targeting financial institutions. The report, based on extensive research, shows financial firms face up to 300 times more attacks than other industries, driven by AI-enhanced phishing, credential theft, and supply chain vulnerabilities.
Financial institutions face 300x more cyberattacks than other sectors.
97% of major U.S. banks and 100% of Europe’s top firms hit by third-party breaches in 2024.
44.7% of employees in large banks are phishing-prone, reduced to <5% with training.
Stolen credentials outpace credit card theft; infostealer attempts up 58% in 2024.
U.S. and U.K. account for 70% of ransomware attacks on financial firms.
Full report available at knowbe4.com.
The report reveals a 25% year-on-year increase in intrusion events in 2024, with financial institutions facing a “perfect storm” of AI-driven attacks. Nearly all (97%) major U.S. banks experienced third-party breaches, while 100% of Europe’s top financial firms faced supplier breaches, exposing vulnerabilities in vendor ecosystems. Targeted intrusions surged by 109% year-over-year.
Threat actors are leveraging AI tools like FraudGPT and ElevenLabs to craft convincing phishing campaigns, with 68% of attacks originating from email. “Adversaries are gaining an advantage against the financial sector,” said James McQuiggan, Security Awareness Advocate at KnowBe4. “Traditional defenses are no longer sufficient.” Attackers are shifting from ransomware to data exfiltration and multi-stage extortion, using stolen credentials to evade detection. Analysis of over three million dark web posts shows a 58% rise in infostealer attempts in 2024.
Tests in large financial institutions found 44.7% of employees likely to click malicious links or download infected files, creating significant entry points. However, comprehensive security awareness training reduces this Phish-prone™ Percentage (PPP) to below 5%, emphasizing the role of human risk management.
The U.S. accounts for 60% of ransomware attacks on financial institutions, and the U.S. and U.K. together account for over 70% of attacks. Emerging markets in South Asia and Latin America are seeing increased activity. A Federal Reserve Bank report notes that a single day’s payment disruption could impact 38% of global network banks.
“Stealing valid credentials is more effective than ransomware because it allows attackers to move undetected,” said McQuiggan. KnowBe4 advocates prioritizing human risk management through training and AI-driven defenses to counter evolving threats.
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization’s biggest asset.