15/07/2025
How mid-sized institutions can respond
The threat landscape is intensifying at an unprecedented rate. Cyberattacks on banks have moved beyond the remit of the IT department to become a board-level issue, directly influencing strategic planning, risk appetite, and long-term viability. The stability of the financial sector is now inextricably tied to its digital resilience. In such an environment, a reactive security stance paves the way for operational disruption, regulatory sanctions, and a catastrophic loss of customer trust.
The European Union Agency for Cybersecurity (ENISA) has issued a stark warning: between January 2023 and June 2024, the EU financial sector experienced 488 publicly reported cyber incidents. This is not merely a statistic; it signifies a sustained and escalating assault on the operational integrity and foundational trust of the region’s banking system. For twelve consecutive years, the finance industry has incurred the highest average cost of data breaches globally, a reflection of the high stakes involved.
A Dangerous Vulnerability Gap
While large international banks dominate headlines, it is mid-sized institutions, including savings banks, co-operative banks, and regional lenders, that occupy a uniquely precarious position. These banks hold highly valuable data and assets that attract sophisticated threat actors, yet they often lack the resources of their larger counterparts, creating a dangerous “vulnerability gap”. This asymmetry places them at a serious disadvantage in an escalating contest against highly organised and, in some cases, state-sponsored adversaries.
In this context, proactive, intelligence-led cybersecurity is no longer an optional expenditure but a fundamental determinant of a bank’s long-term success. The narrative must evolve from cybersecurity as a cost centre to resilience as a strategic driver of trust and growth.
Typical Patterns of Cyberattacks on Banks
Understanding the common tactics used by cybercriminals is essential to developing an effective defence. Attack methods have evolved from simple exploits to multi-stage, highly co-ordinated campaigns targeting technology, processes, and people.
Phishing and Social Engineering: Exploiting Trust
Phishing attacks are no longer riddled with spelling mistakes and crude tactics. Modern social engineering is a refined operation. Attackers now employ Artificial Intelligence to produce polished, personalised content, use deepfake voice technology to mimic executives, and leverage QR-code phishing (“quishing”) to evade email filters.
These techniques have become the primary mechanism for initiating fraud. A 2024 report by Tietoevry documented a 156% rise in social manipulation scams and a 77% increase in phishing attacks, underlining the explosive growth of this threat. ENISA confirms that financial institutions are prime targets, with attackers impersonating banks in 36% of social engineering cases, deceiving customers and employees into disclosing sensitive information or approving fraudulent transactions.
Ransomware: From Encryption to Extortion
Ransomware has become industrialised. The advent of Ransomware-as-a-Service (RaaS) platforms on the dark web means that highly effective toolkits can now be rented for as little as $40, lowering the barrier to entry for criminals and fuelling an explosion in attacks. The timeframe between initial breach and full encryption has collapsed from around 60 days in 2019 to just four days in 2024.
Worse still, attackers have adopted a “double extortion” strategy. Before encrypting data, they exfiltrate vast amounts of sensitive corporate and customer data. If the ransom is not paid, they threaten public exposure, compounding the reputational, regulatory, and operational damage. Research from Allianz Commercial shows that the number of cases involving data exfiltration nearly doubled from 40% in 2019 to nearly 80% in 2022, with figures from 2023 tracking even higher.
Supply Chain Compromise: Breaching from the Outside-In
Cyberattacks on banks increasingly succeed not by targeting banks directly but by exploiting weaknesses in their digital supply chains. Third-party providers, including cloud vendors, software firms, and data processors, have become a major attack vector. SecurityScorecard’s recent analysis found that 96% of Europe’s top 100 financial institutions were affected by at least one third-party breach in the past year, up from 78% the year before.
The reputational risk is significant. The public rarely blames the third party; responsibility and fallout land on the main institution. The 2023 MOVEit vulnerability, originating in a single file transfer product, triggered a global ripple effect, compromising thousands of downstream organisations and causing estimated damages exceeding $65 billion. This incident underscores the importance of comprehensive third-party risk management.
Insider Threats: Risks from Within
Internal threats are twofold. The first is the malicious insider, a disgruntled or compromised employee who deliberately steals data or sabotages systems. Bitkom reports that 36% of affected companies identified intentional insider actions as the origin of an attack.
Far more common, however, is the negligent insider. These are unintended incidents caused by human error. According to ENISA’s NIS directive reports, 73% of incidents were non-malicious, stemming from system failures (64%) and user mistakes (9%). Misconfigured servers, faulty software updates, or failure to follow established protocols can expose organisations to serious risks, even without malicious intent.
Why Mid-Sized Banks Are Especially Vulnerable
Although all financial institutions face growing threats, mid-sized banks across the EU operate in a uniquely vulnerable position. They are substantial enough to attract sophisticated attackers but often lack the scale, infrastructure, and resources to mount comparable defences.
Cyber disruption has broader economic implications. If a mid-sized institution is paralysed, it can affect entire regions or sectors of the economy. For adversaries seeking to destabilise financial systems, these institutions are prime targets.
The Resource and Expertise Gap
The core challenge for mid-sized banks is the mismatch between their appeal to attackers and their defensive capabilities. They process substantial financial flows and store sensitive data but are constrained by limited budgets and staff.
This gap presents two key problems:
- Budget: Cybersecurity requires sustained investment in modern tools, monitoring, and testing. Mid-sized firms struggle to prioritise these alongside other business needs.
- Talent: The global shortage of cybersecurity professionals has created fierce competition. Mid-sized banks are often unable to match the salaries, benefits, or career opportunities offered by larger corporations or tech firms.
Outdated IT Infrastructure
A significant and often underestimated vulnerability for many established mid-sized banks is the burden of their own history, embodied in legacy IT systems. Many of these institutions are built on core banking platforms that are decades old, written in languages like COBOL and running on mainframe systems that, while historically stable, have become a significant liability in the modern threat environment. A survey of bank executives found that over 53% were concerned about their dependency on legacy technology and the accumulating “technical debt” it represents.
These legacy systems create risk in several ways. First, they dramatically widen the attack surface. They were never designed for today’s hyper-connected, API-driven digital ecosystem. As banks layer modern mobile and web applications on top of these old cores, they create complex, brittle, hybrid environments riddled with potential integration vulnerabilities. These older systems inherently lack modern security features like granular Identity and Access Management (IAM) and sophisticated monitoring tools, making them difficult to secure and leaving dangerous blind spots for security teams.
The Human Element
Human error remains the most unpredictable vulnerability. Whether it’s falling victim to a phishing email or misconfiguring a security system, employees can unintentionally expose the organisation to major risks.
Traditional, generic training is no longer sufficient. The European Banking Authority (EBA) now requires role-specific, regularly updated programmes that address modern attack techniques, including those enhanced by AI.
Immediate Measures to Enhance IT Security
For mid-sized banks, the priority must be raising the baseline. Key interventions include:
- Continuous vulnerability management: Move to always-on vulnerability scanning. Prioritise external systems like VPNs and remote access portals.
- Modern endpoint detection and response (EDR): Replace outdated antivirus tools with real-time behavioural detection systems.
- Incident response & tabletop exercises: Create response plans based on NIST SP 800-61. Regularly run executive-level simulation drills.
- Multi-Factor Authentication (MFA): Extend MFA across all key systems, not just email or VPNs. Combine with least-privilege access policies.
Long-Term Strategies for Resilience
Implementing security infrastructure from the foundation is the key to long-term safety. A business continuity strategy is a comprehensive way to build response and recovery systems, and it is an ongoing endeavour to keep you safe.
However, foundational controls are only the beginning. Long-term resilience against cyberattacks on banks requires a modern security model: Zero Trust.
Zero Trust Architecture
Zero Trust operates on a core principle: never trust, always verify. It replaces outdated assumptions about internal safety by treating all users and devices as potentially compromised.
Key elements include:
- Strong IAM: Identity is the new perimeter. Robust IAM ensures only verified users gain access.
- Microsegmentation: Divide networks into secure zones. Prevent attackers from moving laterally once inside.
- Least Privilege Access: Only grant the minimum permissions necessary for each user or process.
- Continuous Monitoring: Watch all traffic, user behaviour, and device health in real time. Revoke access when anomalies arise.
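How the four elements above combine in a single access decision, as an added example that is not part of the original article or any vendor's product. The roles, segment names, `Request` fields and the three-denial anomaly threshold are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed least-privilege grants: role -> allowed (segment, action) pairs.
GRANTS = {
    "teller": {("branch-apps", "read"), ("branch-apps", "write")},
    "payments-ops": {("payments", "read"), ("payments", "approve")},
}

@dataclass(frozen=True)
class Request:
    role: str
    mfa_verified: bool         # strong IAM: identity proven for this session
    device_healthy: bool       # device posture, e.g. reported by an EDR agent
    segment: str               # microsegment that holds the target resource
    action: str
    on_internal_network: bool  # recorded for audit, never used to allow access

def decide(req: Request) -> tuple[bool, str]:
    """Deny by default; being 'inside' the network grants nothing."""
    if not req.mfa_verified:
        return False, "identity not verified"
    if not req.device_healthy:
        return False, "device posture failed"
    if (req.segment, req.action) not in GRANTS.get(req.role, set()):
        return False, "no grant for segment/action"
    return True, "granted"

class Session:
    """Continuous monitoring: re-check every request, revoke on anomaly."""

    def __init__(self, max_denials: int = 3):
        self.max_denials = max_denials  # assumed anomaly threshold
        self.denials = 0
        self.revoked = False

    def request(self, req: Request) -> tuple[bool, str]:
        if self.revoked:
            return False, "session revoked"
        allowed, reason = decide(req)
        if not allowed:
            self.denials += 1
            # Repeated denied attempts look like lateral-movement probing.
            self.revoked = self.denials >= self.max_denials
        return allowed, reason
```

Note that `on_internal_network` is never read by `decide`: a request from inside the perimeter passes or fails on exactly the same checks as one from outside.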
Discover a more detailed overview in our whitepaper outlining the benefits of ZTNA vs VPN.
Managed Security Services
For many mid-sized banks, building Zero Trust infrastructure alone is not realistic. Partnering with a Managed Security Services Provider (MSSP) offers a scalable solution.
Benefits include:
- Expertise on demand: Access top-tier talent in threat intelligence, forensics, compliance, and more.
- Enterprise-grade technology: Leverage advanced tools like SIEM, EDR, and real-time threat feeds.
- Cost efficiency: Convert capital expenditure into predictable operational costs, with no upfront outlay.
An MSSP enables banks to activate 24/7 monitoring, incident response, and ongoing threat detection, essential components of Zero Trust in action.
Trust Is the New Currency
In today’s digitised and interdependent financial landscape, cybersecurity is no longer just a technical matter; it is central to trust, reputation, and market competitiveness.
Mid-sized banks in the EU must rise to this moment. They must stop treating cybersecurity as an IT problem and start seeing resilience as a strategic advantage.
Getronics stands ready to support this transformation, implementing Zero Trust frameworks, improving detection and response, and ensuring compliance with DORA, NIS2, and beyond.