Cyber-Attacks on U.S. Banks Are Immense—and Growing

The U.S. financial services industry is one of the most targeted sectors by cyber-attackers and those attacks are escalating quickly in number and sophistication.

In 2015, a report by Websense Security Labs found that banks and other financial institutions were targeted by cyber-attacks four times more often than companies in other industries. In 2019, the financial services firms experienced 300 times more attacks than their counterparts in other sectors, according to a report by the Federal Reserve Bank of New York.

“America is grappling with a cyber insurgency and our financial sector is the number one target,” Tom Kellermann, who served on a cybersecurity commission ordered by President Obama, testified before Congress last June. “Although the sector is generally more secure than other industries, it is facing the world’s elite hackers, composed of organized crime syndicates and motivated nation-states… Geopolitical tension is manifesting in cyberspace.”

According to a report by Mr. Kellerman’s firm, VMWare, cyber-attacks against banks spiked 238 percent between February and April of 2020. More than a quarter of cyber-attacks that year targeted either the financial sector or healthcare, according to the survey, and third of respondents said they encountered an attack leveraging island hopping (where supply chains and partners are commandeered to target the primary financial institution) over the past 12 months.

Financial institutions represent an immense opportunity for cyber-attackers—not only for immediately financial gain through cyber-coercion and other means, but also for the wealth of personal data kept those organizations keep.

“The threat of cyber security may very well be the biggest threat to the U.S. financial system,” Jamie Dimon, CEO of J.P. Morgan, wrote in a 2019 letter to shareholders. “The financial system is interconnected, and adversaries are smart and relentless — so we must continue to be vigilant.”

J.P. Morgan spends $600 million annually on cyber-security. Globally, spending on defenses against advanced persistent threat (APT) attacks is expected to exceed $15 billion by 2026, almost a 20% increase.  

“Given that organizations in the financial services industry are entrusted with highly valuable, personally identifiable information (PII), they represent an attractive target for cybercriminals,” said Anurag Kahol, chief technology officer of Bitglass. “Financial services organizations must get a handle on data breaches and adopt a proactive security strategy if they are to properly protect data from an evolving variety of threats.”