Why financial services is a top target for cyberattack


Why is the financial services sector a top target for cyberattacks and under threat like never before? With over a quarter (28%) of cyberattacks in 2022 hitting financial services and the insurance industry, this is a question our clients frequently ask us.

Figures from the Information Commissioner’s Office (ICO) on financial services point the same way: the ICO reports a threefold increase in the number of reports it received compared with the previous year. Arguably the pension sector has been the most affected by cyberattacks over the past two years, with the ICO citing a jump from six reported attacks in 2021/2022 to 246 in 2022/2023. These troubling figures look like only the beginning of a rising epidemic of cyberattacks against financial services.

With the financial industry continuing to be the target of choice for cybercriminals and facing a range of threats, it has become a ‘one-stop-shop’ for the perpetrators. That’s because it provides the funding the black-market underworld depends on. A typical path is to steal sensitive data and then use it to open fake accounts and lines of credit that keep the criminal operation going.

So, in this blog post we take a closer look at the cybersecurity threats the financial services sector faces, and why.

Why is the financial services sector a top target for cyberattacks and where do the threats come from?

When considering why financial services firms are vulnerable, remember that the threat isn’t aimed only at the obvious targets, the big consumer banks and building societies. Richard Breavington, Partner and Head of Cyber and Tech Insurance at RPC, emphasises that “so many financial firms, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach”. The concern is therefore widespread across the financial services sector, with many different kinds of firm reporting attacks.

Barracuda Networks further reports that small enterprises are three times more likely to be targeted by cyberattacks. They tend to have more undertrained staff and, because they may lack the funds to invest in cybersecurity solutions, are quicker to decide to pay a ransom.

So, when learning how to protect your company from cyberattacks, it pays to know your enemy. At one end of the spectrum, threats come from script kiddies who write no malicious code of their own but reuse existing tools and techniques. At the other, the more serious perpetrators are organised crime groups and state-sponsored actors.

State-sponsored threats are particularly insidious and disruptive. These attackers see the global financial sector as a tempting target because of its importance to national economies, and the most prolific state-sponsored cybercriminal is currently North Korea. In the last few years the nation has been implicated in financially motivated attacks in over 30 other countries.

What’s particularly worrying is that North Korea’s advanced tactics, techniques, and procedures (TTPs) are being copied by others. Once TTPs spread, the wider cybercriminal community can keep running the same attacks while defenders are still working out a response.

State-sponsored attackers and cybercriminals may carry out similar activities. Stolen financial data lets them monitor and track specific individuals, and the same access can extend to large international deals in key industries, where they look for further opportunities for exploitation.

What motivates financial services cyberattacks?

A report from F-Secure breaks down what motivates the individuals, groups and states involved in cybercrime. It identifies three distinct motives: data theft, data integrity and sabotage, and direct financial theft. This insight is key to understanding why particular threat actors might target your business. From there you can measure your cyber risk more accurately, work out how to protect your company from cyberattacks, and implement appropriate protection.

For example, where the criminal’s motivation is sabotage or undermining your data integrity, they will usually tamper with, disrupt, or destroy systems, typically using ransomware or distributed denial of service (DDoS) attacks.

In today’s ever-evolving threat landscape there is a range of techniques for stealing funds. From phishing to credential stuffing, perpetrators work across the whole spectrum of payment systems, including SWIFT payment operators, inter-bank payment switch applications and automated teller machines (ATMs).

More sophisticated threats include destructive malware and supply chain compromises. Some cybercriminals go so far as to develop customised TTPs for a specific target.

How to protect your business from a cyberattack – know the three key threats

Phishing

Phishing is considered the main cyberthreat today: 83% of UK businesses that identified an attack in 2022 reported phishing. Because the financial services industry relies so heavily on digital platforms, it is a top target for phishing. And with the rise of AI it is easier than ever for threat actors to impersonate a trusted sender convincingly. At its core, phishing is a calculated way to steal information by tricking the victim into handing over sensitive data, often without realising it.

Credential stuffing

This is a type of cyberattack in which stolen account credentials are used to gain unauthorised access to user accounts. Attackers take lists of username (or email address) and password pairs leaked in earlier breaches and replay them in large-scale automated login requests against a web application, relying on people reusing the same password across different sites.

This has affected small businesses and big corporations alike over the past year, through attacks on their customer base or clients. For example, in December 2022 the online payments company PayPal suffered a credential stuffing attack that compromised almost 35,000 customer accounts.

Cybercriminals make money this way by hijacking accounts or reselling the validated credential lists they build. The result is a growing underground economy dedicated to targeting financial services organisations and their customers.
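The pattern described above leaves a distinctive trace in login logs: many different usernames tried from one source address in a short time, almost all of them failing, with the odd success being the account that was actually taken over. The following detector is an added example written for this post, not code from the original page or from totality services. The four-field log format, the 60-second window and the thresholds (10 distinct usernames, 80% failure rate) are assumptions, and the log lines are constructed sample data.

```python
"""Credential-stuffing detector run over web-app login logs.

Added example (not code from the original post or from totality services).
Heuristic: a stuffing run replays many *different* usernames from one
source IP, mostly failing, at machine speed, whereas a user mistyping a
password produces repeated failures for *one* username. Each source IP is
scored on distinct usernames tried and failure ratio inside a sliding
time window. The log format, window and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). Assumed format:
# <ISO-8601 timestamp> <source IP> <username> <OK|FAIL>
SAMPLE_LOG = """\
2023-05-01T10:00:00Z 203.0.113.7 alice@example.com FAIL
2023-05-01T10:00:01Z 203.0.113.7 bob@example.com FAIL
2023-05-01T10:00:02Z 203.0.113.7 carol@example.com FAIL
2023-05-01T10:00:03Z 203.0.113.7 dave@example.com FAIL
2023-05-01T10:00:04Z 203.0.113.7 erin@example.com OK
2023-05-01T10:00:05Z 203.0.113.7 frank@example.com FAIL
2023-05-01T10:00:06Z 203.0.113.7 grace@example.com FAIL
2023-05-01T10:00:07Z 203.0.113.7 heidi@example.com FAIL
2023-05-01T10:00:08Z 203.0.113.7 ivan@example.com FAIL
2023-05-01T10:00:09Z 203.0.113.7 judy@example.com FAIL
2023-05-01T10:00:10Z 203.0.113.7 mallory@example.com FAIL
2023-05-01T10:00:11Z 203.0.113.7 oscar@example.com FAIL
2023-05-01T10:01:00Z 198.51.100.4 carol@example.com FAIL
2023-05-01T10:01:10Z 198.51.100.4 carol@example.com FAIL
2023-05-01T10:01:20Z 198.51.100.4 carol@example.com OK
2023-05-01T10:02:00Z 192.0.2.9 walter@example.com OK
2023-05-01T10:03:00Z 198.51.100.20 peggy@example.com OK
2023-05-01T10:03:05Z 198.51.100.20 trent@example.com OK
2023-05-01T10:03:09Z 198.51.100.20 victor@example.com OK
"""


@dataclass
class LoginEvent:
    ts: datetime
    src_ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[LoginEvent]:
    """Parse the assumed four-field log format into events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(LoginEvent(
            datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, user, result == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(seconds=60),
                               min_users=10, min_fail_ratio=0.8):
    """Return {src_ip: {"users_tried": n, "takeovers": [...]}} for IPs that,
    within any single window, tried >= min_users distinct usernames with a
    failure ratio >= min_fail_ratio. 'takeovers' lists usernames that logged
    in successfully inside a flagged window: the accounts to force-reset."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        users_tried, takeovers = set(), set()
        start = 0
        for end in range(len(evs)):
            # Advance the window start so evs[start:end+1] spans <= window.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            distinct = {e.user for e in win}
            fail_ratio = sum(not e.ok for e in win) / len(win)
            if len(distinct) >= min_users and fail_ratio >= min_fail_ratio:
                users_tried |= distinct
                takeovers |= {e.user for e in win if e.ok}
        if users_tried:
            findings[ip] = {"users_tried": len(users_tried),
                            "takeovers": sorted(takeovers)}
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['users_tried']} usernames tried, "
              f"successful logins to reset: {info['takeovers']}")
```

Only 203.0.113.7 is flagged: carol’s three failed attempts from 198.51.100.4 are one user mistyping a password, and the three different successful logins from 198.51.100.20 look like an office NAT, not an attack. The one successful login inside the flagged run (erin) is the account to reset and notify. Thresholds need tuning per application, and the check should complement, not replace, rate limiting, multi-factor authentication and screening new passwords against known-breached lists.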

Distributed denial of service (DDoS)

Cybercriminals have also started launching DDoS attacks as a distraction while they conduct credential stuffing or exploit a web-based vulnerability. Between 2021 and 2022 researchers reported that DDoS attacks against the financial services sector rose by 4%, an increase driven largely by nation-state activity associated with the war in Ukraine.

You can’t afford to take your eye off the tried and tested threats

Despite the threat landscape evolving and becoming more sophisticated, criminals constantly recycle old attack methods. According to the US technology company Akamai, in its 2019 State of the Internet/Security: Financial Services Attack Economy report, 94% of all observed attacks against the sector used one of just four well-known methods.

These are SQL injection (SQLi), local file inclusion (LFI), cross-site scripting (XSS) and OGNL injection in Java applications. What’s more, these techniques remain in use years after the fixes and secure coding practices that prevent them became widely available.
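SQL injection is the oldest of those four and still works for one reason: application code that builds SQL text by pasting user input into it. The following is an added example written for this post, not code from the original page or from totality services. It puts the vulnerable pattern beside its parameterised fix against an in-memory SQLite database; the table, the two sample accounts, the unsalted hashing (kept short for illustration) and both payloads are assumptions.

```python
"""SQL injection: the string-built query beside its parameterised fix.

Added example (not code from the original post or from totality services).
Runs against an in-memory SQLite database; the schema, the two payloads
and the hashing scheme are assumptions for illustration only.
"""
import hashlib
import sqlite3


def sha256(text: str) -> str:
    # Unsalted SHA-256 keeps the example short. Real password storage must
    # use a slow, salted hash such as bcrypt, scrypt or Argon2.
    return hashlib.sha256(text.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Create the constructed users table (sample data, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", sha256("correct horse")), ("bob", sha256("hunter2"))])
    return conn


def login_vulnerable(conn, username: str, password: str):
    """The anti-pattern: user input is pasted into the SQL text, so quote
    characters and '--' comments in the input become SQL syntax."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND pw_hash = '{sha256(password)}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """The fix: a parameterised query. The driver sends values separately
    from the SQL text, so input can never change the statement's structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, sha256(password)),
    ).fetchone()
    return row[0] if row else None


# Payload 1: authentication bypass. The '--' comments out the password check.
BYPASS_PAYLOAD = "alice' --"
# Payload 2: data theft. A UNION smuggles bob's stored hash out through the
# column the application expected to hold a username.
EXFIL_PAYLOAD = "' UNION SELECT pw_hash FROM users WHERE username = 'bob' --"


def demo() -> dict:
    """Run both login functions against both payloads and return what each gave."""
    conn = make_db()
    return {
        "vulnerable_bypass": login_vulnerable(conn, BYPASS_PAYLOAD, "wrong"),
        "safe_bypass": login_safe(conn, BYPASS_PAYLOAD, "wrong"),
        "vulnerable_exfil": login_vulnerable(conn, EXFIL_PAYLOAD, "wrong"),
        "safe_exfil": login_safe(conn, EXFIL_PAYLOAD, "wrong"),
        "safe_legit": login_safe(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Against the string-built query, the first payload logs in as alice with no password at all and the second returns bob’s stored password hash in place of a username, which is exactly the data-theft motive discussed earlier. The parameterised version treats both payloads as literal usernames that do not exist and returns nothing, while still accepting the genuine login. The fix costs one line and has been standard advice for two decades, which is why continuing to see SQLi in the top four is a sign of unreviewed legacy code rather than a clever adversary.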

Despite this, the financial services sector is improving its protection, both for itself and for its customers. It is important that you too can detect, analyse, and defend against intelligent and motivated criminals. Remember that cybercriminals run multiple, simultaneous, and near-constant attacks to try to outsmart you.

So, should you be worried?

We think every kind of business in the financial services sector, in London and beyond, should know much more about how to protect their company from cyberattacks.

Look at what just some cybersecurity professionals in the industry have reported:

Virtualisation and cloud infrastructure firm VMware surveyed 201 UK-based IT security professionals working in the financial services industry. Shockingly, 90% of respondents said that when protecting against cyberthreats they have to make compromises which could leave other areas exposed.

Considering that financial services is a top target for cyberattacks, it is striking that in 2020 almost a quarter (23%) of the sector was reported not to have trained its staff against threats.

New technologies and the age-old threat

New technologies such as cloud computing and Artificial Intelligence (AI) seem to promise a bright and more secure future for the financial services sector.

However, the cybercriminal community is swiftly catching up. Each technology must be considered carefully on its merits and in line with the needs of your enterprise, your operations, your objectives and, of course, your budget.

Sadly, the weakest link in your cybersecurity chain is still most likely to be your people. Whatever techniques criminals deploy, they will continue to exploit people’s mistakes. Most security breaches still come down to basic human error: sloppy security, weak passwords, and devices left switched on and unprotected.

Staff training is always key to raising your organisation’s cybersecurity skills and improves your chances against a possible attack. Follow our eight ways to train your people to protect your company from cybercriminals.

Don’t leave your cybersecurity to chance, leave it to us

At totality services we have a wide range of experience working with small and medium-sized businesses in London’s financial services sector. Since our formation in 2008 we’ve supported many financial firms, from hedge funds and private equity firms to asset managers.

Over that time we’ve become the managed IT services provider and cybersecurity team of choice for the financial services sector. We deliver a portfolio of best-fit, best-in-class solutions to keep your IT infrastructure, data, IP, confidential client information, application availability and business continuity protected.

So why not talk to the expert and award-winning team here at totality services? We’ve earned Five Star customer service ratings on Trustpilot, Feefo and Google and become the go-to IT support team for London. Simply call us for a confidential, no-obligation chat about your requirements.