Heightened Cyber Threats are Testing the Operational Resilience of the Financial Sector

Heightened Cyber Threats are Testing the Operational Resilience of the Financial Sector

Annual FS-ISAC report cites threat actors leveraging GenAI for fraud and supply chain attacks as key risks

Reston, VA, May 19, 2025 – FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, today released the findings of its annual report on cyber threats and trends, Navigating Cyber 2025.

The report highlights the top cyber threats challenging the financial services sector today, including surging fraud and scams enabled by generative AI (GenAI), attacks on suppliers that impact critical operations, more opportunities for threat actors to exploit geopolitical and economic conflict and uncertainty, and the increasing sophistication of long-established attack types such as distributed denial of service (DDoS) attacks and ransomware. The report also provides key predictions for 2025 and beyond, offering firms valuable insights to help strengthen their cybersecurity programs.

“The report’s findings underscore the complexity and unpredictability of today’s threat landscape,” said Steven Silberstein, CEO, FS-ISAC. “The global financial sector’s interconnectedness with the supply chain and its ongoing incorporation of emerging technologies add to the challenges. Cross-border collaboration and proactive intelligence sharing are essential to safeguarding the global financial system.”

In order to maintain stakeholder trust and stay ahead of nimble threat actors, financial firms are expected to:

  • Increase investment in fraud prevention: Threat actors are leveraging real-time payments and cryptocurrencies to make it virtually impossible to recover ill-gotten funds, prompting financial institutions to heighten their focus on fraud and scam prevention and detection. Firms will implement strategies like “smart friction,” implementing increased security measures in the user experience to slow payment authorizations. Additionally, breaking down silos between fraud and cyber teams and sharing fraud intelligence will be essential to effectively combat the cross-border, cross-sector nature of fraud.
  • Leverage AI in cyber defense, while keeping up the basics: Adversaries are harnessing GenAI advancements to increase the volume and sophistication of their attacks, lowering the barrier of entry for high-impact incidents. Impersonation scams, such as deepfakes targeting C-suite executives and fake outsourced IT workers, will compel firms to prioritize foundational cyber hygiene practices, including robust employee training.
  • Strengthen focus on effective third-party risk management: In 2024, multiple high-profile third-party incidents kept the sector on alert. Many institutions rely on the same service providers, increasing the likelihood of sector-level impact in the event of an attack. In addition to an increased focus on API security to minimize chances of systems access in case of third-party attacks, new resilience regulations will require more proactive monitoring of supplier security postures.
  • Shorten timelines for post-quantum readiness: A spate of announcements on quantum computing advancements means that financial firms must begin the process of migrating their most vulnerable assets to crypto agile encryption algorithms that will be able to adapt quickly to the quantum age.

“The ever-changing cyber threat landscape means each year is unprecedented in nature, with threat actors leveraging every available tool to disrupt operations and undermine trust in the financial sector,” said Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director, EMEA. “To ensure operational resilience, firms must adopt a forward-looking cyber posture that incorporates proactive threat modeling, agile defense capabilities, and cross-border collaboration.”

Methodology

The Navigating Cyber 2025 report is sourced from FS-ISAC's more than 5,000 financial firm members in 75 countries and further augmented by analysis by the Global Intelligence Office. Multiple streams of intelligence were leveraged for the curation of the round-up, which examined data from January 2024 – January 2025. The publicly accessible version of the report can be found here.

About FS-ISAC

FS-ISAC is the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organization’s real-time information-sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector’s collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries.

Contacts for Media
media@fsisac.com

                                                                                                             +++