EMEA Finance and Banking: A Sector Under Siege

Martin Kraemer | Nov 26, 2025

The finance and banking sector across Europe, the Middle East, and Africa (EMEA) faces extraordinary cybersecurity challenges, according to KnowBe4’s Cyber Risk in Finance and Banking Across EMEA report. While digital transformation has revolutionized operations and customer engagement, it has also created vulnerabilities that threaten the stability of the entire financial system.

A Prime Target for Cybercriminals

The numbers are worrying. Finance and insurance is the second most targeted industry in Europe, accounting for 18% of cyberattacks. In Africa and the Middle East, this figure jumps to 61%, making it the most attacked sector in these regions. Although this already paints a scary picture, the fact that the average cost of a data breach in finance and banking reached $5.56 million USD (€4.77 million EUR) in 2025 is even more so. 

Due to the high-value data they hold and their critical role in the economy, financial institutions are attractive targets for cybercriminals. Adding to that, the sector's rapid digital transformation is continuously expanding its attack surface, and the growing dependency on third parties creates vulnerabilities beyond direct control.

The data shows that the cyber threat environment is worsening across EMEA. In 2024, European banks reported the highest number of cyber incidents since data collection began. More alarmingly, the share of banks facing at least one successful major ICT-related incident increased by 175% between September 2022 and March 2025.

Primary Attack Vectors

In Europe, we saw phishing and spear phishing account for 30% of attacks, exploiting human behavior through social engineering, mainly through emails. DDoS attacks were also prominent, representing 46% of threats, with 58% targeting credit institutions. Ransomware demands grew to an average of $4.2 million USD, with a catastrophic 15 days of downtime following attacks.

Startlingly, 96% of Europe's top 100 financial institutions experienced third-party breaches from March 2024 to March 2025, up from 78% the previous year.

In Africa and the Middle East, phishing remained the top threat at 34% of incidents, increasingly using AI-generated content. Ransomware attacks surged, in particular in South Africa and Egypt, and the UAE banking sector faced multiple coordinated DDoS attacks from hacktivist groups.

Real-World Consequences

Recent incidents illustrated the scope of the challenge. In 2023, Deutsche Bank and other major German banks suffered data breaches through a third-party provider. Belgium saw pro-Russian hackers launch DDoS attacks on banking services in 2024. South African banks were infiltrated through compromised credit bureaus, while UAE institutions faced coordinated attacks from multiple hacker groups.

The Regulatory Response

European regulators responded through strengthened requirements, specifically the Digital Operational Resilience Act (DORA) and NIS2 Directive, mandating stronger ICT risk management, resilience testing, and third-party oversight. However, only 4% of financial entities have fully integrated DORA into operations as of March 2025.

Across Africa and the Middle East, countries have implemented their own frameworks. South Africa's SARB directives, Nigeria's Risk-Based Cybersecurity Framework, and comprehensive regulations in UAE and Saudi Arabia all mandate stringent cybersecurity controls and third-party oversight.

A Strategic Priority

Financial institutions are recognizing the urgency. According to the EBA, 82.4% of banks view cyber risk as the primary driver of operational risk. European banking chief risk officers consistently rank cybersecurity as their top concern, with 73% reporting it as a critical management issue.

While financial services firms currently spend 13% of IT budgets on cybersecurity, a share that is expected to increase, technology investment alone isn't sufficient.

Building True Resilience

Bolstering the sector’s security posture requires a holistic approach:

  • Embed cybersecurity into digital transformation from the outset with security-by-design principles
  • Strengthen third-party oversight through rigorous vendor risk management and resilience testing
  • Address the human element with adaptive security awareness training and simulated phishing campaigns
  • Balance technology and people by investing in both technical defenses and workforce capabilities

The Path Forward

With ransomware, phishing, and third-party risk driving cyberattacks against financial institutions, strengthening employee awareness is critical to building security culture and defending against initial access attempts. While it is important to invest in technology that enables stronger defenses, it's also vital to invest in employees, their skills, awareness, and behavior as that is what ultimately determines organizational resilience and protects not just individual institutions, but the stability of the entire financial system and global economy.


Get Your Customized Automated Security Awareness Program, ASAP!

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).

ASAP is a revolutionary tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will show you all the steps needed to create a fully mature training program in just a few minutes!

Here's how it works:

  • Answer seven questions about your organization’s goals, compliance needs, and culture
  • ASAP recommends suggested training content based on your answers
  • See a detailed calendar with a customized task list to get your program started
  • Easily export detailed and executive summary PDF versions of your program
  • Get a fully mature awareness program ready in 5 minutes

Get Started Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/automated-security-awareness-program


