The financial sector in Europe is facing an escalating wave of cyber attacks, the scale of which exposes the industry’s vulnerabilities, including an acute shortage of specialists. New technologies such as artificial intelligence and quantum computers are further complicating the threat landscape, presenting financial institutions with strategic challenges.
Billions of incidents on target
Financial institutions, from commercial banks to fintechs, have become the third most attacked sector in Europe, after public administration and transport. According to Fortinet, 20.8 billion incidents of malicious activity targeting this industry and nearly 309 million incidents involving botnets were reported in EMEA in 2024. The main attack vectors are ransomware, data theft and DDoS attacks to cripple online services.
The situation is exacerbated by the growing threat in the area of mobile banking. A report by the European Union Cyber Security Agency (ENISA) shows a **global increase of 200%** in the number of malware families attacking smartphones in the last 1.5 years. One example is the ‘Godfather’ malware campaign, which, according to the Polish CSIRT of the KNF, impersonated banking apps in order to seize credentials and remotely control user accounts.
A personnel loophole and a technological double-edged sword
One fundamental problem is the worsening staff shortage. As many as 58% of IT managers in European financial institutions consider the skills gap to be the main cause of security breaches. What’s more, the number of cybersecurity professionals in Europe declined by 0.7% year-on-year in 2024. In response, companies are increasingly relying on training and talent development within the organisation. Employees familiar with a company’s culture and structure can implement security procedures more effectively than external experts who lack business context.
At the same time, technological advances work to the advantage of both parties. Artificial intelligence, on the one hand, automates defence and reduces incident response times, while on the other, it enables cybercriminals to create sophisticated phishing campaigns and deepfake content.
“Knowing your adversary’s tools allows you to anticipate what cyber threats may be waiting around the corner and prepare for them. A full understanding of the scale of risk will also help justify the investment at a business level. If the IT director comes to the board of directors and shows a new type of threat that has just hit another bank and cost it 5 billion, that million spent on security to protect against such an attack takes on a completely different meaning,” says Jolanta Malak, regional director at Fortinet.
In the longer term, quantum computers, which in the future will be able to break current methods of encrypting transactions, are becoming a serious threat. Although the technology is still in its infancy, experts are sounding the alarm that the financial sector should already be implementing quantum-resistant (*quantum-safe*) cryptographic strategies to secure the future of digital finance.
