The financial sector’s quest to produce better returns hinges on the integrity of its systems and processes, which could be put in disarray by a simple phishing email. What’s more, when stock value also depends on sound security, the requirement to remain resilient gains another dimension.

For this reason and others, regional entities like the European Union formulated the Digital Operational Resilience Act (DORA), made to strengthen the security postures of financial entities, such as banks, investment firms, insurers and others. 

Usually, regulations are seen as having a negative impact on business – burdening processes with needless bureaucracy and increasing spending just to keep an operation in tip-top condition in case of a random weekday audit. However, the truth is that regulations demanding sector-wide changes usually have good causes. What are those? Read on.

Key points of this article:

  • The financial sector keeps the global economy running. However, due to its critical nature (money, data), it is a prime target for sophisticated threat actors.
  • Owing to the chaotic nature of the threat landscape and to make financial actors more responsible, regional entities like the European Union are introducing regulations like DORA to raise cyber resilience sector-wide.
  • Compliance might seem difficult, but it could prove to highlight existing security gaps, which could be covered by focusing on the right preventive solutions tailored to one’s attack surface, such as threat intelligence or a 24/7 managed security service.

The financial threat landscape

Businesses and regular consumers depend on banks, accountants and insurers to handle their finances, from salaries and mortgages to large business deals. There’s quite a lot of money circulating within these industries … and threat actors would give their left arms and legs to get access.

Internally, ESET Research has long determined that advanced persistent threat (APT) groups around the globe are likely to target financial services. One such group is TraderTraitor, a North Korea-aligned actor, which stole cryptocurrencies worth $1.5 billion in 2025 from Bybit, the second largest cryptocurrency exchange in the world.

A map of the most targeted sectors by APTs around the globe. (Source: ESET APT Report Q4 2024-Q1 2025)

In fact, ENISA’s Threat Landscape: Finance Sector report details that in Europe, the financial sector is the third-most targeted, with most attacks impacting European banks (credit institutions) at a 46% rate, followed by public financial organizations at 13%.

Swiss-cheesed by cybercrime

In Switzerland, the Swiss Financial Market Supervisory Authority noted in 2024 that most of the attack reports it had received were from small market participants, such as asset managers or untied insurance intermediaries, with most attacks attributed to business email compromise and CEO fraud, or SIM swapping.

This is supported by concerns in Denmark, where the government estimates that the threat of cybercrime against the Danish financial sector is very high, with ransomware and extortionware being the top concern. Likewise, Germany’s Federal Financial Supervisory Authority reported a significant increase in IT incidents affecting financial firms, with most related to mobile banking and e-banking. 

Did you know? Fintech’s threat woes

Financial technology (fintech) is a sector responsible for improving the delivery of financial services, such as novel crypto developments, mobile banking and trading tech, resulting in its widespread adoption. Consequently, this makes fintech a likely target, with malware like Grandoreiro targeting banks and their customers for theft.

Relatedly, ESET Research detected a massive 35x surge in NFC fraud, suggesting that criminals are heavily adopting contactless payment abuse. One such threat, NGate, was featured prominently in a research story, wherein attackers secretly relayed NFC data from payment cards through a compromised phone. GhostTap also steals card details, so attackers can load victims’ card data into their own digital wallets and make payments with their phones worldwide.

None of this is surprising. As the financial sector digitalizes, it presents new access opportunities for cyber threat actors.

DORA: A best practice?

With such a troublesome backdrop, the EU, for example, has elected to focus on building up the resilience of the financial sector (like banks, investment firms and even crypto-service providers) due to its increasing dependence on potentially vulnerable digital systems. 

DORA addresses foundational issues with information and communication technology (ICT) in the financial sector. By applying universally to all financial entities across the EU, this regulation establishes a general framework for risk management, harmonizing rules and resilience across all the member states.

A word on DORA’s reach

Not unlike NIS2, DORA applies to any financial entity with a foothold in an EU country. Therefore, even a bank from the United Kingdom or Switzerland with a local office in Paris or Warsaw must comply or face penalties.

Noncompliance is penalized. Fines can reach up to 2% of a firm’s total annual global turnover or €10 million (whichever is higher) or, in the case of an individual (such as a firm’s business leader), up to €1 million.

Yes, even individual business managers can be found liable for their company’s noncompliance. 

Third-party ICT service providers deemed as critical by the European Supervisory Authorities can face fines of up to €5 million (or up to 1% of their annual global turnover), or €500,000 for an individual.

Hard to comply, or hardly complying?

DORA has brought up an interesting conversation, as companies are finding compliance tough and costly to implement. Sure, implementing an actual security strategy might be costly, but so are data breaches. Therefore, financial entities should ask themselves whether the difficulty stems from DORA’s requirements or the fact that implementing industry-standard security measures highlights their existing inadequacy in that area, translating to difficulties while onboarding new measures.

Supporting financial entities

ESET protects multiple financial entities, both large and small, ensuring their continued security, with a portfolio of products and services that are well prepared to help with compliance, such as:

  • Advanced ESET Endpoint Security, complete with multilayered ESET LiveSense technology to handle zero-day threats, even fileless ones, securing core endpoints in use by bank tellers, insurance agents or stock brokers. 
  • Professional ESET Managed Detection and Response (MDR) services, which boast a top 6-minute time to solve an incident, especially useful when dealing with APT groups and ransomware threats. The services also include tailored reporting to help catalogue incident details for potential audits, further satisfying cyber insurance and regulatory requirements.
  • ESET Threat Intelligence and ESET APT Reports, which back up SOC analysts, empowering faster decision-making and in-house intelligence to deal with advanced threats, with curated feeds and reports ready to be used by financial entities based on their own internal needs.

Since prevention-first security is about having multiple protective layers, financial entities should also procure solutions like ESET Vulnerability and Patch Management, ESET Encryption, and ESET Secure Authentication, to handle everything from access authentication, through dealing with vulnerabilities, to securing data from misuse. 

These are the three solutions that can diminish a significant percentage of initial attack vectors, whether they stem from employee negligence or (un)known security gaps.

Radical optimism

Don’t sweat it. With ESET’s solutions and services, financial organizations can be well on their way toward increased cyber resilience. While it may seem like a daunting task, the key is to take security implementation step by step, focusing on a particular financial entity’s needs, which regulatory asks can also easily point out.

The good thing is that with an attentive security partner, this part is easier than ever, going hand in glove to solve one’s security woes.
