Financial Services and Insurance live and die by confidence. Customers expect their money to move, policies to be honoured, and services to be available without interruption. Cyber-attackers know this. In 2025, threat groups are acting more like commercial operators, using service models, affiliate networks, and coordinated campaigns to turn small footholds into incidents that disrupt payments, drain accounts, and damage brands.  

At Quorum Cyber, our starting point is simple. Strong defence begins with a clear sight of the threat landscape and your exposure within it. That means understanding not only what is happening inside your estate, but also what is unfolding across suppliers, payment rails, and public-facing channels that carry your brand.   

Our Relentless Threats: 2025 Mid-Year Global Cyber Risk Outlook reflects the insight derived from our front-line engagements and strategic monitoring over the first half of the year. The finance threat landscape shows ransomware, data theft, and supplier compromise as the dominant risks. These often arrive through social engineering and credential misuse before pivoting into high-impact extortion or fraud.

Fraud pressure is rising. UK Finance reports over £1 billion stolen, with the majority of authorised push payment cases starting online or via telecoms. Fraud and cyber operations are now intertwined, with business email compromise (BEC) and brand impersonation driving initial access and payment redirection.  

Regulators expect resilience, not best efforts. In the UK, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) require firms to map important business services, set impact tolerances, and be able to remain within those tolerances by 31st March 2025. Boards are accountable for plans, testing, and investment decisions.   

In the EU, DORA took effect in January 2025 with a wave of Regulatory Technical Standards (RTS) and European Banking Authority (EBA) guideline updates that tighten ICT risk management and third-party oversight.

Payments must keep moving. The global community has long recognised that financial market infrastructures and connected firms need strong cyber resilience. The International Organization of Securities Commissions (IOSCO) and the Committee on Payments and Market Infrastructures (CPMI) guidance sets international expectations for cyber response and recovery, while the SWIFT Customer Security Programme (CSP) and Certificate in Supply Chain Finance (CSCF) require concrete controls and annual attestation. These are more than policies. They are the operational backbone that keeps funds flowing and systemic risk contained when incidents occur.   

What has changed so far in 2025? 

From January to June 2025, Quorum Cyber’s Threat Intelligence team has identified and tracked over 70 new threat groups and Malware-as-a-Service (MaaS) offerings. During this period, the team noted a marked increase in the sophistication and innovation of threat actors, with several patterns standing out:

1. Ransomware with payment-adjacent pressure 

Attackers target identity infrastructure, messaging gateways, file shares that feed batch processes, and cloud storage used for reconciliation or policy servicing. Once inside, they combine data theft, encryption, customer harassment, and reputational pressure to force payment.  

2. Credential-first intrusion

Stolen or phished credentials open the door to privileged access. Multi-factor Authentication (MFA) resets through social engineering remain common at service desks. When combined with legacy protocols or weak conditional access, dwell time increases and lateral movement reaches critical systems.  

3. Third-party knock-on effects 

Incidents at software or services providers ripple into banks and insurers. Dependency on cloud-delivered solutions and payment intermediaries increases the importance of contractual controls, monitoring, and rapid isolation.  

4. Fraud blending with cyber 

Authorised Push Payment (APP) fraud, mule recruitment, and BEC abuse intersect with compromised mailboxes and lookalike domains. The fraud loss number and channel mix underline why brand and credential monitoring must sit alongside endpoint and identity controls.  

Cyber resilience is no longer optional; it’s foundational

In a threat landscape where attackers move fast and regulators demand accountability, financial services and insurance firms must evolve from reactive defence to proactive resilience. At Quorum Cyber, we help financial institutions reduce blind spots, protect operations, and secure the balance sheet with Microsoft-first solutions built for relentless threats. 

Our 24/7 Managed Detection and Response integrates finance-specific threat intelligence, automates response playbooks for ransomware and BEC, monitors brand and credential abuse, and extends visibility into critical suppliers. That’s why Microsoft named Quorum Cyber Security MSSP of the Year 2025.

Download the Relentless Threats: 2025 Mid-Year Global Cyber Risk Outlook for practical steps to strengthen your resilience.

Headquarters

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

Colorado, USA Office

950 S Cherry St Ste 505
Denver, Colorado
USA
80246

Ontario, Canada Office

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

Arizona, USA Office

1300 S Litchfield Rd
110-L, Goodyear
USA
Arizona 85338
