Financial sector faces AI-accelerated attacks, supply chain threats, and deepfake fraud
Financially motivated attacks drove 90% of breaches affecting banks, insurers, and payment processors in 2025. Data breaches accounted for 64% of incidents, with ransomware making up the remaining 36%, according to analysis of the year's threat activity.
The average cost per breach in finance reached $5.56 million, placing the sector second among all industries by breach cost. Personal data was compromised in 54% of cases, internal organizational data in 35%, and credentials in 22%.
AI compressed attack timelines
Threat actors integrated AI into reconnaissance, vulnerability discovery, and post-compromise activity throughout 2025. Machine learning-powered vulnerability scanning reduced the time between disclosure and active exploitation, creating pressure on institutions managing large, diverse IT environments.
Malware observed during the year displayed adaptive behavior during execution, responding to detected security controls. This capability complicated signature-based detection and extended dwell time across compromised networks.
Generative AI transformed fraud and social engineering operations. Phishing campaigns, business email compromise, and invoice fraud schemes deployed AI-generated content that was contextually accurate and linguistically fluent, bypassing traditional email filtering indicators.
Deepfake voice and video impersonation of executives and relationship managers appeared in documented cases. Attackers used these to pressure employees into authorizing transactions or disclosing sensitive information.
Fraud-as-a-service offerings on underground markets lowered barriers to entry for less technically skilled actors, sustaining high success rates across campaigns targeting financial institutions.
Shadow AI emerged as internal risk
Unmanaged AI adoption within organizations created a separate threat. Shadow AI (AI models or applications deployed without formal security assessment or governance) accounted for approximately 20% of AI-related breaches in 2025.
Among organizations that experienced AI-related security incidents, 97% lacked adequate AI access controls. This gap left systems exposed to unauthorized use and data access.
Supply chain became primary attack vector
Supply chain compromise contributed to approximately 30% of breaches affecting financial institutions in 2025, a marked increase over prior years. File transfer solutions, managed service platforms, and API-based services were frequent entry points due to their privileged access to sensitive data.
JPMorgan Chase, Citigroup, and Morgan Stanley assessed customer data exposure following a breach at a shared third-party service provider. The incident triggered regulatory response and customer impact analysis across multiple institutions with no direct intrusion of their own systems.
Bybit, a cryptocurrency exchange, suffered a $1.5 billion theft after attackers exploited weaknesses in third-party wallet infrastructure involved in transaction signing.
Ransomware shifted toward data theft
Ransomware affected approximately 12.8% of B2B financial organizations in 2025. Attackers increasingly combined encryption with data exfiltration, threatening public disclosure to apply additional pressure.
Variants including Akira, Datacarry, and BlackLock were among the most frequently observed targeting European financial institutions. Throughout the year, ransomware activity against U.S. financial institutions increasingly prioritized data exfiltration over system encryption.
Even when banking services remained operational, stolen data triggered mandatory disclosure obligations, regulator engagement, and extended investigations.
Hacktivists and state actors sustained pressure
Banks accounted for approximately 69% of hacktivist attacks targeting the financial sector in 2025. Groups including NoName057(16), Keymous+, and DarkStorm Team ran DDoS campaigns against European financial institutions, with attack peaks correlating with elections and periods of heightened political tension.
State-aligned advanced persistent threat actors continued targeting financial institutions for intelligence collection and strategic positioning, using zero-day vulnerabilities and long-term access strategies. Geopolitical instability sustained elevated levels of disruptive activity across the sector throughout the year.