Cyber Defense in the Financial Sector: Securing the Infrastructure Behind America’s Economic Power
Every U.S. military operation depends on a stable and secure financial infrastructure. Payroll for 2.1 million service members moves through commercial banks. Defense contractors rely on credit markets to fund production. Treasury’s sanctions—the nation’s most effective non-kinetic weapon—require a functioning financial system. Yet this infrastructure faces escalating, sophisticated cyberattacks that have doubled since the pandemic[1] and now cost the sector an average of $6.08 million per breach—22% higher than the global average and the second-highest among industries.[2]
The threat landscape has intensified dramatically. In 2024 alone, 65% of financial institutions worldwide experienced ransomware attacks, nearly double the 34% reported in 2021.[3] The financial services sector takes an average of 233 days to detect and contain a breach[4]—more than seven months during which adversaries can map networks, exfiltrate data, and position themselves to disrupt operations at will. These are not isolated incidents: 46% of financial institutions reported experiencing a data breach in just the past 24 months.[5]
Recent attacks demonstrate the sector’s vulnerability. In July 2024, a ransomware attack on C-Edge Technologies—a joint venture between India’s State Bank and Tata Consultancy Services—forced 300 small and regional banks offline, disrupting payment systems for millions of customers.[6] The attack exploited a misconfigured Jenkins server to deploy RansomEXX malware, severing banks from India’s retail payment network for days. While these institutions represent only 0.5% of India’s payment volume, the incident exposed how a single technology provider can cascade risk across an entire financial ecosystem. It was a warning: the infrastructure that connects modern finance is only as resilient as its weakest node.
The scale of financial exposure has grown in parallel. According to the IMF’s April 2024 Global Financial Stability Report, extreme losses from cyber incidents have more than quadrupled since 2017, reaching $2.5 billion per event.[7] Indirect costs—including reputational damage, regulatory fines, and security upgrades—run substantially higher. For breaches involving 50 million or more records, total costs average $375 million.[8] The financial sector’s unique interconnectedness amplifies these risks: a severe incident at one institution can erode confidence across the system, potentially triggering deposit outflows or disrupting critical payment networks that underpin daily economic activity.
Nation-state actors have refined their approach to financial institutions. North Korea’s Lazarus Group has stolen over $3 billion from financial institutions worldwide since 2016,[9] with recent campaigns targeting SWIFT messaging systems that process over $40 trillion in annual payment messages across 11,000 institutions in 200+ countries.[10] According to security assessments, more than 80% of banks in the U.S. and Europe and over 90% of banks in GCC countries have experienced cybercriminal attempts to misuse the SWIFT network for cross-border fraud since 2016.[11] China’s cyber operations focus on mapping institutional dependencies—understanding how banks, clearinghouses, and payment processors interconnect[12]—intelligence that could enable Beijing to delay or disable financial flows during a crisis, creating cascading effects across defense supply chains precisely when U.S. readiness depends on liquidity and rapid capital access.
This military-financial dependency creates strategic vulnerability. Defense supply chains operate on thin margins and tight payment schedules; even short-term disruptions could slow weapons production, maintenance, or logistics. The credibility of U.S. sanctions—one of America’s most powerful foreign policy tools—depends entirely on the integrity of the financial systems that adversaries are actively probing. Russia has paired its response to Western sanctions with targeted cyber operations against financial institutions, using digital disruption to signal that economic coercion carries reciprocal risks.[13]
Third-party vulnerabilities compound the problem. Financial institutions increasingly rely on external IT service providers, creating concentration risks that are difficult to assess and monitor. The July 2024 CrowdStrike outage revealed that banks that outsourced payment processing to SWIFT service bureaus found themselves unable to execute transactions even though they did not use CrowdStrike’s services directly.[14] Smaller institutions, lacking resources for robust third- and fourth-party risk management, are particularly exposed. In 2024, SWIFT made Control 2.8 (‘Outsourced Critical Activity Protection’) mandatory across all architectures, recognizing that 60% of financial disruptions now originate from third-party breaches.[15]
Legacy technology amplifies these risks. Much of the financial sector still relies on COBOL-based systems from the 1960s, linked to modern fintech platforms through interfaces never designed for today’s threat environment.[16] These connections create broad attack surfaces: a single vulnerable regional bank can serve as an entry point into the larger network through correspondent relationships. Meanwhile, 82% of financial institutions over-rely on web application firewalls that are inadequate against zero-day exploits and modern application attacks. Fewer than 25% of institutions report confidence that their current security controls could mitigate a zero-day attack.[17]
Regulatory fragmentation adds further complexity. Financial institutions must navigate overlapping cybersecurity mandates from the Federal Reserve, OCC, FDIC, SEC, CFTC, FinCEN, and state regulators—each with distinct frameworks and reporting standards. Despite security spending reaching 11.6% of IT budgets, compliance often consumes more resources than actual threat defense. Ninety-three percent of financial services organizations report difficulty maintaining compliance, citing a lack of resources, cumbersome manual processes, and significant time commitments. As a result, 64% received an identity-related audit citation over the past two years.[18] Yet despite rising investment, prevention effectiveness in the banking, financial services, and insurance sector improved only from 67% to 68% between 2023 and 2024[19]—a marginal gain against the growing sophistication of adversaries.
The workforce challenge deepens this imbalance. Financial services organizations compete with technology firms for cybersecurity expertise in a market where demand exceeds supply by roughly 4:1. Many mid-sized institutions, which collectively process trillions of dollars in transactions, lack full-time cybersecurity personnel. Employees at large financial organizations have access to an average of 20 million files on their first day. At the same time, 70% of sensitive files in the industry are stale, and 449,855 are exposed, 36,004 of which are accessible to everyone in the organization.[20] This combination of access sprawl, understaffing, and fragmented tools creates systemic vulnerability.
The human element remains a persistent vector. In 2024, 68% of breaches involved a human element—whether through compromised credentials, phishing, or misconfigurations. Phishing accounted for 16% of all breaches in the financial sector, while compromised credentials accounted for 15% and cloud misconfigurations accounted for 12%.[21] Even as detection capabilities improve, attackers exploit the gap between technical controls and human behavior. It takes financial institutions an average of 168 days to identify an attack and an additional 51 days to contain it[22]—219 days total during which threat actors operate inside networks, escalating privileges and positioning for maximum impact.
Three lessons emerge from the financial sector’s current threat environment:
First, economic and military power are interdependent in cyberspace. Undermining financial stability can constrain U.S. defense capacity as effectively as disrupting physical supply chains. Every dollar delayed in defense contractor payments, every hour of downtime in clearinghouse systems, represents potential degradation in readiness.
Second, regulatory compliance alone cannot ensure security. A proliferation of overlapping standards risks creating administrative confidence without operational protection. Financial institutions spend more time documenting controls than testing whether those controls actually prevent breaches. The sector’s marginal improvement in prevention effectiveness—despite substantial budget increases—suggests that regulatory burden may be displacing investment in adaptability and threat intelligence.
Third, the nation lacks macro-level visibility into systemic cyber risk. Policymakers cannot yet quantify how vulnerabilities in financial infrastructure would cascade through defense operations or the broader economy. When a single technology provider can take 300 banks offline, when a supply-chain partner’s outage can halt payment processing across institutions, the system’s resilience depends on understanding these interdependencies—and currently, no comprehensive framework exists to assess or address them.
The financial system demonstrates that cybersecurity is not simply about business continuity; it is about safeguarding the infrastructure that funds, sustains, and legitimizes national power. Every sector—from manufacturing to defense—depends on it. Protecting America’s financial networks must therefore be understood as part of preserving the nation itself. The question is not whether the financial sector will face more sophisticated attacks, but whether it will build the resilience necessary to withstand them without compromising the economic foundation on which U.S. security depends.
Endnotes
1 Fabio Natalucci, Mahvash S. Qureshi, Felix Suntheim, “Rising Cyber Threats Pose Serious Concerns for Financial Stability,” International Monetary Fund, April 9, 2024, https://www.imf.org/en/blogs/articles/2024/04/09/rising-cyber-threats-pose-serious-concerns-for-financial-stability
2 IBM, “Cost of a data breach 2024: Financial industry,” IBM Security, July 30, 2024, https://www.ibm.com/think/insights/cost-of-a-data-breach-2024-financial-industry
3 Chester Avey et al., “Ransomware attacks in finance hit new high,” Invenio IT, updated September 30, 2025, https://invenioit.com/continuity/ransomware-attacks-finance/
4 “Top Cybersecurity Statistics for 2024,” Cobalt, April 14, 2025, https://www.cobalt.io/blog/cybersecurity-statistics-2024
5 “46% of financial institutions had a data breach in the past 24 months,” Help Net Security, December 20, 2024, https://www.helpnetsecurity.com/2024/12/20/financial-industry-data-breaches/
6 “Ransomware attack cripples payment systems at nearly 300 small Indian banks,” Business Today, August 1, 2024, https://www.businesstoday.in/technology/news/story/ransomware-attack-cripples-payment-systems-at-nearly-300-small-indian-banks-439639-2024-08-01
7 See note 1.
8 See note 3.
9 U.S. Department of Justice, “Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe,” February 17, 2021, https://www.justice.gov/archives/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and
10 “Attacking the SWIFT Banking System,” Packetlabs, February 6, 2025, https://www.packetlabs.net/posts/attacking-the-swift-banking-system
11 Ibid.
12 U.S.-China Economic and Security Review Commission, “China’s Cyber Capabilities: Warfare, Espionage, and Implications for the United States,” November 14, 2022, https://www.uscc.gov/sites/default/files/2022-11/Chapter_3_Section_2–Chinas_Cyber_Capabilities.pdf
13 Caroline Roach, “Banks: Russia steps up cyberwar against financial system,” PYMNTS, March 2, 2022, https://www.pymnts.com/news/2022/banks-russia-steps-up-cyberwar-against-financial-system/
14 “Securing Financial Messaging: Addressing SWIFT CSP & SNB SIC Requirements,” EY, September 23, 2025, https://www.ey.com/en_ch/insights/cybersecurity/swiss-banks-2025-swift-snb-sic-security-compliance
15 Ibid.
16 Electronic Payments International, “COBOL: a ticking time bomb in the financial system,” January 24, 2024, https://www.electronicpaymentsinternational.com/news/cobol-a-ticking-time-bomb-in-the-financial-system-sliverflow-ceo/
17 “Two-Thirds of Financial Institutions Faced Cyberattacks in 2024,” Security Magazine, April 8, 2025, https://www.securitymagazine.com/articles/101524-two-thirds-of-financial-institutions-faced-cyberattacks-in-2024
18 See note 5.
19 “Financial Services Cybersecurity: 2024 Performance in Banking, Financial Services, and Insurance (BFSI),” Picus Security, December 26, 2024, https://www.picussecurity.com/resource/blog/financial-services-cybersecurity-performance-2024
20 “139 Cybersecurity Statistics and Trends [updated 2025],” Varonis, October 24, 2025, https://www.varonis.com/blog/cybersecurity-statistics
21 See note 2.
22 Ibid.