Skip to content

Editor’s Note: Cyber threats targeting the European financial sector have escalated, posing significant risks to banks, financial service providers, and regulatory institutions. The latest ENISA Threat Landscape: Finance Sector report highlights a sharp increase in cyber incidents, including DDoS attacks, data breaches, social engineering schemes, and ransomware. With financial institutions increasingly relying on digital infrastructure, the need for robust cybersecurity policies and regulatory oversight has never been greater. This article explores ENISA’s findings, shedding light on emerging cyber risks and the proactive measures financial organizations must take to strengthen resilience.

Industry News – Cybersecurity Beat

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

ComplexDiscovery Staff

Between January 2023 and June 2024, cyber threats targeting Europe’s financial sector escalated, posing risks to banks, financial service providers, and regulatory bodies. According to the ENISA Threat Landscape: Finance Sector report, the financial industry faced 488 publicly reported cyber incidents, with banks, public financial institutions, and individual customers among the most affected. The report outlines Distributed Denial-of-Service (DDoS) attacks, data breaches, social engineering, fraud, ransomware, supply chain attacks, and malware as the primary threats facing financial entities.

Increasing Cyber Threats in Financial Services

The financial sector has remained a prime target for cybercriminals due to its high-value assets and interconnectivity across digital infrastructure. According to ENISA’s findings, 46% of all reported incidents targeted European credit institutions (banks), making them the most frequently attacked entities. Public financial organizations accounted for 13% of incidents, while individual customers were impacted in 10% of cases, often through phishing and fraud schemes.

DDoS attacks emerged as a dominant threat, with 58% of incidents targeting banks. Many of these attacks were linked to geopolitical events, particularly Russia’s invasion of Ukraine, and involved hacktivist groups disrupting financial operations. Additionally, 21% of DDoS attacks affected governmental financial services, leading to temporary service outages and increased response costs for financial authorities.

Data Breaches and Fraud: The Rising Cost of Cybercrime

One of the most critical findings in the ENISA report is the impact of data breaches and leaks on the financial sector. Cybercriminals exploited software vulnerabilities, third-party service providers, and internal misconfigurations to access sensitive financial data. Nearly 39% of data-related incidents targeted banks, resulting in financial losses, compliance penalties, and reputational damage. The compromised data was frequently sold on dark web marketplaces or used in fraud schemes.

Social engineering attacks, including phishing, smishing, and vishing, were another major concern. These tactics targeted individuals in 38% of cases and banks in 36%, with attackers impersonating trusted financial institutions to obtain credentials and execute fraudulent transactions. Fraud accounted for 6% of all recorded cyber incidents, but the report notes that the true impact is likely underreported due to reputational risks and regulatory concerns.

Ransomware, Malware, and Supply Chain Attacks: Emerging Challenges

Ransomware attacks primarily affected financial service providers (29%) and insurance organizations (17%), causing financial loss (38% of cases), data leaks (35%), and operational disruptions (20%). The ENISA report highlights that ransomware groups have evolved their tactics, employing double extortion schemes, where stolen data is leaked if ransom demands are not met.

Another growing area of concern is supply chain attacks, where cybercriminals target third-party vendors that provide critical services to banks and financial institutions. ENISA identified 29 supply chain-related attacks, many involving ransomware or large-scale data breaches. These attacks exposed customer financial records, disrupted banking operations, and increased regulatory scrutiny on financial entities’ third-party risk management policies.

Malware attacks, particularly mobile banking malware, also surged, with cybercriminals deploying banking trojans, spyware, and credential-stealing applications. Malware campaigns targeted credit institutions (36%) and individuals (24%), leading to large-scale financial fraud, unauthorized transactions, and personal data theft. The ENISA report noted a 200% year-over-year increase in malware families targeting banking applications, underscoring the growing sophistication of financial cyber threats.

Regulatory Response and Cybersecurity Strategies

In response to these threats, European regulators and financial institutions have enhanced security policies, increased compliance measures, and invested in AI-driven fraud detection systems. The Digital Operational Resilience Act (DORA), which came into effect during the reporting period, aims to strengthen financial sector cybersecurity by mandating risk assessments, incident response frameworks, and third-party security audits.

Financial organizations are also adopting multi-factor authentication (MFA), automated threat detection systems, and real-time transaction monitoring to prevent fraudulent activities. The report emphasizes that collaboration among financial institutions, regulators, and cybersecurity professionals is critical to mitigating risks and responding to emerging cyber threats.

Closing the Loop

The ENISA Threat Landscape: Finance Sector report provides a detailed analysis of the increasing cybersecurity challenges facing the European financial sector. The data shows that cybercriminals are exploiting weak links in financial networks, targeting customers, banks, and service providers through a combination of fraud, data theft, ransomware, malware, and DDoS attacks. The growing reliance on digital banking and third-party financial services further underscores the need for stronger cybersecurity policies, enhanced regulatory oversight, and proactive security measures.

As cyber threats continue to evolve, financial institutions must remain vigilant, adopting advanced security frameworks, regulatory compliance measures, and industry-wide collaboration to safeguard their operations. The cost of inaction is high, and as ENISA’s report highlights, the financial sector must continue adapting to stay ahead of an increasingly sophisticated cyber threat landscape.

News Sources

Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery OÜ

The post Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview appeared first on ComplexDiscovery.

Photo of Alan N. Sutin Alan N. Sutin

Alan N. Sutin is Chair of the firm’s Technology, Media & Telecommunications Practice and Senior Chair of the Global Intellectual Property & Technology Practice. An experienced business lawyer with a principal focus on commercial transactions with intellectual property and technology issues and privacy

Alan N. Sutin is Chair of the firm’s Technology, Media & Telecommunications Practice and Senior Chair of the Global Intellectual Property & Technology Practice. An experienced business lawyer with a principal focus on commercial transactions with intellectual property and technology issues and privacy and cybersecurity matters, he advises clients in connection with transactions involving the development, acquisition, disposition and commercial exploitation of intellectual property with an emphasis on technology-related products and services, and counsels companies on a wide range of issues relating to privacy and cybersecurity. Alan holds the CIPP/US certification from the International Association of Privacy Professionals.

Alan also represents a wide variety of companies in connection with IT and business process outsourcing arrangements, strategic alliance agreements, commercial joint ventures and licensing matters. He has particular experience in Internet and electronic commerce issues and has been involved in many of the major policy issues surrounding the commercial development of the Internet. Alan has advised foreign governments and multinational corporations in connection with these issues and is a frequent speaker at major industry conferences and events around the world.

Read more about Alan N. Sutin
Show more Show less