Cybersecurity in banking: Trends and tactics for 2025 

Banks, from community institutions to global giants, are rapidly digitizing their services and leveraging advanced technologies like artificial intelligence (AI) and machine learning to enhance customer experience. However, this innovation introduces new challenges, such as securing a broader digital footprint.  

• Considerations: Prioritize cybersecurity as a core component of your digital transformation strategy.

While AI technology is known to bolster threat detection and response timing, cybercriminals are weaponizing it for more sophisticated attacks, such as AI-enabled phishing and deepfake scams.

• Considerations: Institutions need to leverage AI and automation to enhance their defenses. In addition, the ongoing investment in employee training is critical to help them recognize and respond to these evolving threats.

With an increase in banking operations migrating to the cloud, robust encryption, multifactor authentication and regular audits have become more essential than ever.

• Considerations: Develop a comprehensive cloud security strategy that includes both technology solutions and regular audits to maintain compliance.

Regulatory agencies have increased their focus on cybersecurity, requiring financial institutions to adhere to strict guidelines and reporting standards. The FFIEC Cybersecurity Assessment Tool (CAT) will no longer be supported as of Aug. 31, 2025. This change leaves organizations searching for a new framework that they can tailor to their needs, while maintaining the ability to meet regulatory requirements.  

• Considerations: Look to treat compliance efforts as a continuous improvement process to maintain resilience. While regulatory agencies have not pointed to a specific framework to be adopted, the goal is that institutions can adopt a framework that continues to evolve as quickly as the threat landscape.  

Financial institutions continue to rely heavily on third-party vendors, which increases risk exposure. Effective risk management practices are essential to mitigate these vulnerabilities.  

• Considerations: Conduct regular assessments of third-party vendors and continue to enforce stringent cybersecurity requirements on your vendors.  

Ransomware attacks continue to be a major threat, with an increase in sophistication and demands. Services such as “Ransomware-as-a-Service”, which are online marketplaces where cybercriminals can leverage ransomware services, make it easier for attackers to launch these attacks. Downtime from ransomware can disrupt operations and damage customer trust.  

• What to do: Implement robust backup and recovery protocols, continue to educate employees to detect and avoid suspicious activity, and invest in endpoint detection tools that can spot ransomware early. Leading organizations continually test their incident response capabilities through efforts such as tabletop exercises. 

As financial institutions increase their usage of cloud services, the risk of cloud-based cyberattacks grows. Attackers are exploiting misconfigurations and inadequate access controls, and there continues to be a lack of monitoring in these environments. Ensuring secure cloud configurations and continuous monitoring is vital. 

• What to do: Conduct regular audits over cloud configurations, enforce strict access controls, ensure 24/7 monitoring of cloud environments to detect anomalies faster and consider bringing in outside consultative help when initially implementing cloud environments to help ensure systems are configured adequately.  

Humans remain the weakest link in cyber defenses as the majority of incidents start with human error. Emerging threats like vishing (voice phishing) and smishing (SMS phishing) compound the risks. The use of AI to create more convincing phishing attacks, such as the use of deepfakes, is on the rise, making it harder for individuals to distinguish between legitimate and malicious communications. All it takes is one wrong click. A single successful phishing attempt can provide attackers with access to sensitive systems, leading to breaches, fraud or ransomware infections.  

• What to do: Conduct ongoing employee training focused on recognizing social engineering attempts, including AI-based attacks, to create a culture of vigilance, implement email filtering and multifactor authentication, and explore technologies to detect these emerging threats. 

Attacks targeting third-party vendors can compromise the security of many institutions. These attacks often involve inserting malicious code into software updates or products. A third-party’s weak cybersecurity posture can become your vulnerability, potentially leading to data breaches or system disruptions.  

• What to do: Perform ongoing due diligence and regular assessments of vendor security practices, including 4th party vendors, establish clear security requirements in contracts and monitor vendor activities closely.  

Insider threats – whether malicious or accidental – pose a significant risk. Employees with privileged access may misuse it intentionally or unintentionally. Insider actions can bypass traditional security measures, leading to data leaks or system compromises without external intervention.  

• What to do: Enforce the principle of least privilege, monitor user activity with logging and alerting and establish clear policies and training to prevent misuse. 

Create, communicate, and regularly test your incident response plans, disaster recovery plans, and business continuity plan to enhance your ability to react appropriately and timely to cyber-attacks. 

Ongoing and tailored cybersecurity training can help mitigate risks associated with social engineering attacks. Organizations should ensure that security awareness training is tailored to address specific risks that are posed to the organization. 

Implement rigorous vetting and monitoring processes for third-party and fourth-party vendors.  

Explore implementation of a zero-trust security model to help protect against unauthorized access and data breaches. 

Keep up to date with regulatory requirements to avoid penalties and enhance overall security posture.