Richard K. LaTulip, Field Chief Information Security Officer at Recorded Future
As the financial sector prepares for 2026, one theme rises above all others: resilience. Not just the ability to recover from a cyber incident, but the capacity to anticipate threats, absorb disruption, safeguard customer trust, and maintain operational continuity under pressure. Financial institutions sit at the centre of global economic stability. That position brings regulatory scrutiny, high-value data, and a threat landscape that accelerates faster than traditional controls can adapt.
What follows is a look ahead at the forces that will shape cyber risk for banks, insurers, asset managers, fintechs, and market infrastructure providers – and the steps leaders must take to remain resilient in 2026.
The six forces shaping financial cyber risk in 2026
- Social engineering will escalate – and adversaries will imitate the most effective groups
Groups like Scattered Spider have shown how damaging multi-channel social engineering can be. In June 2025, the group disabled three insurance companies in just five days. Their success stems from disciplined impersonation and coordinated communication tactics that exploit human trust via SMS, voice calls, chat applications, and SIM-swapping. The financial sector is especially appealing because many high-value processes, such as wire verification, account recovery, trading desk workflows, and claims management, still rely on human interaction.
In 2026, more adversaries will replicate these methods. Social engineering will become the preferred attack method for financially motivated actors, not because technology is weak, but because humans remain the easiest entry point.
To counter this trend, institutions must go beyond annual awareness training. They need realistic, role-specific simulations and continuous reinforcement that empower employees. Simply training them to detect and resist sophisticated deception in real time is no longer enough.
- Third-party risk will be the sector’s most significant vulnerability
Few industries are as interconnected as financial services. Institutions rely on hundreds, often thousands, of third-party vendors, cloud platforms, core processors, data-analytics providers, and fintech integrations. In 2026, this interconnectedness will become the industry’s most consequential exposure.
Attackers understand that compromising a vendor can provide indirect access to dozens of downstream institutions. Many of these service providers operate with leaner security controls, creating a path of least resistance for highly motivated adversaries.
At the same time, regulatory expectations are increasing. Frameworks like the Digital Operational Resilience Act (DORA), updated guidance from the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC), and the United Kingdom’s Prudential Regulation Authority (PRA) now emphasise continuous monitoring, concentration risk, and operational resilience, including incident response and recovery, rather than point-in-time assessments.
For financial institutions, the path to resilience will require treating vendor ecosystems as extensions of their own infrastructure. Real-time visibility, contractual guardrails, intelligence-led monitoring, and collaborative incident-response planning will be essential.
- Ransomware will fragment and professionalise
Ransomware will remain a top threat in 2026, but its structure is changing. Large, brand-name ransomware groups are under mounting pressure from law enforcement actions, sanctions, and infrastructure disruption. As a result, these groups are splintering into smaller, agile crews that focus on precise, low-noise operations.
These groups will avoid the outsized ransom demands that attract global attention. Instead, they’ll pursue calibrated amounts designed to appear “practical” compared to the cost of downtime, regulatory reporting, and reputational damage. Artificial intelligence (AI) will increasingly guide reconnaissance, target selection, and exploitation, granting these smaller groups an efficiency once reserved for major criminal enterprises.
For financial institutions where service availability, customer trust, and regulatory expectations are non-negotiable, this evolution makes rapid detection, deep visibility, and intelligence-driven response more essential than ever.
- AI: the new force multiplier for both attackers and defenders
AI will become the most disruptive variable in financial-sector cybersecurity in 2026, because both sides of the threat landscape will be using it.
For attackers, AI will accelerate reconnaissance, generate highly convincing impersonation attempts, craft adaptive phishing and vishing campaigns, and correlate exposed financial data at speeds human operators cannot match. A small crew equipped with AI-optimised tools can now mimic the operational capacity of a much larger criminal organisation.
For defenders, AI is becoming inseparable from daily security operations. Fraud teams will rely on AI-driven anomaly detection. Security operations centres (SOCs) will depend on intelligent triage, automated enrichment, and machine-speed threat correlation. Identity and access programs will increasingly use behavioural AI to detect deviations across accounts, payment flows, and authentication events.
The financial sector’s advantage lies in integrating AI responsibly: balancing automation with oversight, accuracy with governance, and speed with regulatory expectations. Institutions that operationalise AI effectively will widen the gap between their defensive capabilities and the evolving tactics of threat actors.
- The rise of agentic AI: autonomous threats at machine speed
In early 2025, I witnessed a researcher run an agentic AI-driven attack simulation against a financial network in a controlled setting. A single operator oversaw an AI “team” capable of carrying out every phase of the attack: reconnaissance, exploitation of enterprise vulnerabilities, lateral movement, identification of intellectual property, data encryption, data exfiltration, and even simulated ransom negotiations. At that time, it was considered an experiment.
Fast forward to today, and agentic AI is beginning to appear in live networks. The recent espionage campaign uncovered by Anthropic, linked to a state-sponsored threat actor operating across multiple sectors, proved that these capabilities are no longer confined to research labs. Agentic systems can independently plan, iterate, and execute multi-stage cyber operations with minimal human oversight. This evolution goes far beyond traditional automation; it allows adversaries to conduct continuous reconnaissance, chained exploitation, autonomous lateral movement, and adaptive evasion techniques at scale.
By 2026, these capabilities will develop quickly and will no longer be limited to nation-state actors. Agentic AI will enhance the speed, scale, and sophistication of adversaries targeting the financial sector. Institutions that recognise this early will be better positioned to adapt their defences accordingly, incorporating AI oversight, real-time intelligence, and ongoing validation into their resilience plans.
- Quantum computing: not an immediate threat, but an emerging responsibility
Quantum computing won’t be easily accessible to financially motivated cybercriminals in 2026. The technology remains costly, complex, and mostly limited to nation-states and multi-billion-dollar organisations. Nonetheless, this doesn’t lessen the urgency for financial institutions.
Threat actors are already carrying out ‘harvest now, decrypt later’ operations, stealing encrypted data today with the anticipation that widespread access to large-scale quantum computing will ultimately enable them to decrypt it. Since financial institutions depend heavily on cryptography for transactions, identity verification, authentication, and privacy, the sector must start preparing now.
By late 2026, quantum resilience will shift from a theoretical discussion to a board-level priority. Inventories of cryptographic assets, readiness assessments, and long-term transition plans to quantum-safe standards will become foundational to the sector’s security posture.
Resilience as a strategic advantage
For financial institutions, resilience is now a strategic differentiator. The leaders of 2026 will be those who recognise that the threat landscape is being reshaped both by human adversaries and, increasingly, by autonomous systems capable of operating at machine speed. Resilience will require intelligence-led defence, responsible AI adoption, rigorous oversight of third-party ecosystems, and continuous readiness across the workforce.
As agentic AI, advanced social engineering, and quantum-driven risks continue to evolve, so must the sector’s approach to security. The threats will accelerate, but so will the tools available to defend against them. In financial services, resilience will help the sector emerge stronger in the wake of disruption.

