Supply Chain and Identity Attacks Target Financial Sector
A new report from Group-IB finds that supply chain attacks have become a top global cyber threat, with over 80% of phishing attacks in the META region targeting internet and financial services. The report highlights that identity compromise is the primary entry point, allowing threats to propagate from a single compromised vendor to its network of bank and fintech partners.
- Research from early 2025 shows that nearly six in ten (58%) large UK financial services firms were hit by at least one third-party supply chain attack in 2024, with 23% experiencing three or more such incidents. Firms that continuously assess third-party risk with dedicated tools see significantly fewer attacks (32%) compared to those who only assess risk at onboarding (68%).
- The U.S. Securities and Exchange Commission (SEC) has enacted new rules requiring financial institutions to report significant cybersecurity incidents within a set timeframe and to annually disclose their cybersecurity risk management strategies. This move toward greater transparency and accountability is mirrored by regulations like the EU's Digital Operational Resilience Act (DORA), which also emphasizes comprehensive risk management and resilience against information and communication technology threats.
- Phishing remains a primary vector for attacks in the financial sector, with such attacks increasing by 17.1% between April 2024 and April 2025. In the Middle East and Africa, information stealers are a major issue, with logs from over 1.2 million infected devices available on underground markets in 2023.
- To combat identity-related fraud, which accounts for 42% of all suspicious banking activity, financial institutions are increasingly adopting digital identity verification solutions. These technologies leverage biometrics, liveness detection, and multi-factor authentication to secure processes from remote customer onboarding (eKYC) to transaction authorization.
- The adoption of real-time payment networks is growing, with The Clearing House's RTP network processing 343 million payments worth $246 billion in 2024. The newer FedNow service, launched in July 2023, processed 1.5 million payments totaling $38 billion in its first full year and has seen adoption by over 1,300 institutions.
- AI and machine learning are becoming critical for fraud detection, enabling the analysis of vast datasets to identify subtle patterns indicative of fraudulent activity. Techniques like behavioral biometrics, which analyze keystroke dynamics and other user interactions, are being used to detect anomalies and prevent account takeovers without adding friction for legitimate users.
- Ransomware attacks continue to surge, with a 74% global year-on-year increase in the number of companies having their data leaked on dedicated sites in 2023. In the MEA region, ransomware attacks increased by 68%, with financial services being one of the most common targets.
- Regulators are now scrutinizing third-party and cloud risks more heavily, expecting financial institutions to conduct formal vendor risk assessments and continuous monitoring. This focus is driven by the fact that in 2024, 97% of the largest U.S. banks and 100% of top European financial firms suffered breaches linked to third-party vendors.