New report shows finance and banking is amongst the most targeted sectors in EMEA by cybercriminals
KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human and AI agent risk management, today released a new report "Cyber Risk in Finance and Banking Across EMEA". The report reveals that the finance and banking sector in Europe, the Middle East and Africa (EMEA) is facing escalating cyber risk, driven by rapid digital transformation, increasingly sophisticated threat actors and the ongoing challenge of ensuring that employees can recognise and respond to evolving threats.
It also shows that financial institutions are increasingly adopting artificial intelligence (AI) and other emerging technologies in the pursuit of efficiency, customer-centric innovation, scalability, and competitive advantage. However, this integration creates a broader attack surface, leaving the sector more vulnerable to cyber threats.
The finance and banking sector, a lucrative target because of its data-rich nature and critical role in the economy, is experiencing a surge in cyberattacks, leading to significant financial losses, operational disruptions and reputational damage. With humans remaining the most prevalent attack vector, the report highlights the importance of developing employees into an organisation's strongest security asset.
Key findings:
- Africa and the Middle East hardest hit: These two regions experience the highest number of incidents in the finance and insurance sector, accounting for 27% of all cases.
- The second most targeted sector in Europe: The finance and banking sector accounts for 18% of cyber incidents in Europe, making it the second most targeted. Globally, this figure rises to 23%.
- High costs of data breaches: The average cost of a data breach in the sector is approximately $5.56 million (€4.77 million) in 2025, second only to the healthcare sector.
- Operational downtime: Financial institutions experience an average of 15 days of downtime following a ransomware incident, with some extreme cases lasting several months.
- Key drivers of cyber threats: The sector's appeal to cybercriminals stems from its adoption of digital technologies, reliance on third-party service providers, concentration of high-value personal data and financial assets and their critical role in the economy.
- Human-centred attack methods dominate: Social engineering and phishing remain the most common tactics, demonstrating why organisations must invest in developing their employees’ security capabilities alongside technical defences.
- AI-assisted attacks: AI-assisted tactics are escalating the frequency and sophistication of cyberattacks within the sector. Notably, in Africa, Business Email Compromise (BEC) attacks are becoming more advanced through Cybercrime-as-a-Service (CaaS) and AI-driven schemes, leveraging generative AI and deepfake technology. These innovations enable the creation of highly convincing emails and impersonations, amplifying the scale and authenticity of attacks and posing a massive risk to financial institutions.
"The finance and banking sector remains a prime target for cybercriminals, with attacks becoming more frequent and sophisticated across EMEA,” said Javvad Malik, lead CISO advisor at KnowBe4. “Our findings underscore the critical need for financial institutions to move beyond reactive measures and embrace an integrated strategy that prioritises both technical vulnerabilities and the human element to build lasting resilience.”
The report examines significant cyber incidents across the regions, highlighting the rapidly evolving threat landscape in the sector. It emphasises the critical importance of a holistic approach where combining people, processes and technology cultivate strong security cultures and effectively manages human risk across organisations. The report includes recommendations for financial institutions seeking to strengthen their security posture through comprehensive human risk management strategies.
Download the full report here.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organisations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behaviour against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organisation’s biggest asset. More at https://knowbe4.com.
