Phil Robinson, Founder & CEO at Prism Infosec
The UK’s financial sector is facing an intensifying cyber threat landscape, with attackers becoming increasingly sophisticated and persistent. Recent data suggests a worrying rise in “nationally significant” cyber-attacks, which accounted for nearly half (204) of all incidents in 2025, compared with only 89 the year before.
A “nationally significant” incident falls into one of the three highest categories of cyber-attack: Category 1 (a national cyber emergency), Category 2 (a highly significant incident) and Category 3 (a significant incident). Last year, 4% of attacks fell into the second highest category, an increase for the third year in a row.
A recent Bank of England (BoE) report found that UK financial institutions in particular continue to exhibit recurring and sometimes foundational weaknesses in their cyber defences. Furthermore, according to the Government’s 2026 Cyber Security Breaches Survey, 89% of finance or insurance firms said that cyber security was a high priority, yet just 53% had adopted an incident response plan. In the same survey, 44% reported identifying breaches or attacks in the preceding 12 months.
For an industry that underpins the global economy, these weaknesses put staff, the public and global markets at risk of critical disruption.

Current vulnerabilities
As digital transformation accelerates with greater reliance on cloud services, artificial intelligence (AI) and an interdependent supply chain, the financial sector’s exposure to sophisticated and persistent cyber threats continues to intensify.
The BoE’s 2025 report identified five key vulnerabilities in UK financial institutions’ cyber defences:
- Infrastructure and data security – poor system configuration, patching, data and credentials protection and asset management
- Identity management and access control – weak passwords or weak enforcement of strong password standards and overly permissive access controls
- Detection and response – insufficient detection capabilities and ineffective network monitoring
- Network security – ineffective network segmentation and limited application of core cybersecurity principles
- Staff culture, awareness and training – poor awareness of social engineering tactics, insecure credentials storage processes and weak helpdesk protocols
The common thread is that banks and financial institutions are failing to fully address the underlying causes of cyber risk, rather than just its symptoms.
The impact of a breach
For banks, a successful attack could lead to operational shutdowns, financial losses and regulatory penalties. Additionally, customers may lose confidence in the institution’s ability to safeguard their assets and personal information.
There is also the added risk of wider economic disruption. The financial sector is deeply interconnected, so a significant cyber incident at one institution could have cascading effects across markets and infrastructure.
How to plug these gaps
Currently, Tier 1 banks and financial institutions may be required to undertake a CBEST assessment as part of the supervisory cycle or their own cyber resilience programme, or following a cyber incident.
However, it is imperative that financial institutions are also aware of, and therefore prepared for, the developing threat landscape, so that further vulnerabilities are identified before attackers have a chance to exploit them.
There are five key areas for banks to consider:
- Staff training – Cyber security training should be tailored to staff roles, delivered via briefings, online courses, simulations, or reminders, and updated regularly. Organisations should foster a positive security culture where employees understand their role in preventing incidents, remain vigilant against phishing and social engineering, and are encouraged to report concerns.
- Identity and access management – Access to systems should be strictly controlled, ensuring only authorised users and devices can perform actions. Privileged accounts must be periodically reviewed, multi-factor authentication enforced, and credentials adequately protected to prevent lateral movement or privilege escalation.
- Infrastructure, asset management, and application maintenance – Organisations should maintain a complete inventory of assets, including software and legacy systems, to support secure operations and future Post-Quantum Cryptography (PQC) readiness. Regular patching, secure configuration, and application allow lists reduce vulnerabilities and prevent unapproved or malicious applications from running on the network.
- Network segregation – Networks should be segmented to prevent lateral movement, restrict attacker access to critical systems, and support monitoring. Zero-trust principles, device hardening, and robust authentication reduce risks from attackers who exploit network knowledge and built-in tools.
- Proactive monitoring, detection, and response – Continuous monitoring, alerting, comprehensive logging, and proactive threat hunting enable swift detection of anomalies and response to incidents. Logs must be secure and tamper-evident, and monitoring processes must adapt to evolving threats to safeguard essential functions.
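The final point above, that logs must be tamper-evident, is worth making concrete: an attacker who has gained privileged access will often try to edit or delete the audit entries that record how they got there. The following Python is an added illustration, not code from the article’s author or from any bank or regulator. It builds an HMAC-keyed hash chain over a handful of constructed authentication events, then shows which kinds of tampering a verifier detects (an edited entry, entries removed from the middle) and which it cannot detect unless the head hash has been anchored in a separate write-once store (silent truncation of the newest entries). The key, the sample records and the anchor are all assumptions for the demonstration.

```python
"""Tamper-evident audit log built as an HMAC hash chain.

Added example for the monitoring point above; it is not code from the
article's author or from any bank or regulator. The key, log records and
anchor are all constructed for the demonstration.
"""
import copy
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Assumption: the log collector holds a secret that the log-writing hosts
# never see. Keying the chain means an attacker who can rewrite the log file
# cannot simply recompute a valid-looking chain after editing an entry.
COLLECTOR_KEY = b"constructed-demo-key-replace-with-managed-secret"
GENESIS = "0" * 64


def _digest(prev_hash: str, seq: int, record: dict) -> str:
    # Canonical JSON so a record always serialises, and therefore hashes, identically.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    msg = f"{prev_hash}|{seq}|{payload}".encode()
    return hmac.new(COLLECTOR_KEY, msg, hashlib.sha256).hexdigest()


def append(chain: List[Dict], record: dict) -> Dict:
    """Append a record; its hash covers the previous entry's hash and its position."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    entry = {"seq": seq, "prev": prev_hash, "record": record,
             "hash": _digest(prev_hash, seq, record)}
    chain.append(entry)
    return entry


def verify(chain: List[Dict], anchor: Optional[str] = None) -> Optional[str]:
    """Return None if the chain is intact, otherwise describe the first fault found.

    `anchor` is the head hash the collector recorded earlier in a separate,
    write-once store (constructed here). Without it, truncating the newest
    entries is undetectable: a shortened chain is still internally consistent.
    """
    expected_prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev"] != expected_prev:
            return f"chain broken at seq {i}"  # entry removed or reordered
        if entry["hash"] != _digest(entry["prev"], entry["seq"], entry["record"]):
            return f"entry {i} modified"
        expected_prev = entry["hash"]
    if anchor is not None and expected_prev != anchor:
        return "head does not match anchor (entries truncated?)"
    return None


def build_sample_chain() -> List[Dict]:
    # Constructed authentication events, not real telemetry.
    events = [
        {"ts": "2025-11-03T08:01:12Z", "user": "j.smith", "action": "login", "result": "ok"},
        {"ts": "2025-11-03T08:02:40Z", "user": "svc_backup", "action": "login", "result": "fail"},
        {"ts": "2025-11-03T08:02:41Z", "user": "svc_backup", "action": "login", "result": "fail"},
        {"ts": "2025-11-03T08:03:05Z", "user": "svc_backup", "action": "login", "result": "ok"},
        {"ts": "2025-11-03T08:03:30Z", "user": "svc_backup", "action": "group_add", "target": "Domain Admins"},
    ]
    chain: List[Dict] = []
    for ev in events:
        append(chain, ev)
    return chain


def demo() -> Dict[str, Optional[str]]:
    """Run the tampering scenarios and return each verify() result."""
    chain = build_sample_chain()
    anchor = chain[-1]["hash"]          # what the collector would have anchored
    results = {"intact": verify(chain, anchor)}

    edited = copy.deepcopy(chain)       # attacker rewrites the privilege change
    edited[4]["record"]["target"] = "Backup Operators"
    results["edited"] = verify(edited, anchor)

    deleted = copy.deepcopy(chain)      # attacker drops the two failed logins
    del deleted[1:3]
    results["deleted"] = verify(deleted, anchor)

    truncated = copy.deepcopy(chain)    # attacker removes the newest entry
    truncated.pop()
    results["truncated_no_anchor"] = verify(truncated)
    results["truncated_with_anchor"] = verify(truncated, anchor)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:22s} -> {outcome or 'intact'}")
```

The point of the last two scenarios is the caveat: a hash chain on its own proves only that what remains is internally consistent. Forwarding the head hash to a store the logging hosts cannot write to (a separate log platform, an append-only bucket, or a periodic signed checkpoint) is what turns "the chain verifies" into "nothing has been removed", and the same separation of keys and storage is what stops an attacker with host-level access from recomputing the chain.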
Cyber resilience is not a one-time initiative but an ongoing process. Threats will continue to evolve, and organisations must continuously adapt their security strategies.
In a world where cyber-attacks are becoming more frequent and more sophisticated, proactive defence is no longer optional. For financial institutions, closing these gaps is essential not only to protect their own operations, but also to safeguard the stability of the wider financial system and national and international markets.