Bold claim: The banking sector is tightening its cyber defenses as geopolitical turmoil around Iran rattles global markets. But here’s where it gets controversial: does heightened alertness truly prevent attacks, or simply scramble responses when threats spike?
Banks are stepping up cybersecurity amid escalating tensions linked to the U.S. military action in Iran. Executives and analysts say threats often rise during geopolitical conflicts, prompting intensified monitoring across financial services firms that manage critical infrastructure such as payments, clearing and settlement systems, trading platforms, and Treasury markets.
The recent air strike that killed Iran’s Supreme Leader Ali Khamenei has ignited regional confrontations, unsettling markets worldwide and fueling fears of Iran-associated cyber intrusions into U.S. financial operations.
Cybersecurity has long been a core priority for the financial sector. Because these institutions underpin essential services—payments, clearing, settlement, market operations, and capital markets—the sector is a prime target for cyber threats. As one industry veteran notes, the sector must remain vigilant and ready to respond to threats at all times, especially when global cyber risk levels rise. Financial services groups, including SIFMA, emphasize operational resilience as foundational to the integrity and stability of U.S. capital markets.
Lenders themselves express pronounced concern about cyber risk, viewing it as a likely attack vector in the current climate.
U.S. intelligence assessments suggest the possibility of low-level cyber incursions by Iran-aligned actors. Reuters reported that Iranian-aligned hacktivists could launch minor disruptions such as distributed denial-of-service (DDoS) attacks aimed at overwhelmed networks.
Credit ratings firm Morningstar DBRS cautioned that the prime risks to global banks and asset managers may be indirect—via higher oil prices and borrower stress—but warned cyber risk could rise alongside broader tensions. The agency noted Iran could escalate cyber operations against Western financial institutions.
Lazard’s geopolitical team also highlighted cyber risk in the current environment, noting Iran’s demonstrated willingness to deploy cyber capabilities against commercial targets, including financial systems.
FS-ISAC, the Financial Services Information Sharing and Analysis Center, reported in 2025 that the financial services sector was the top target of DDoS attacks in 2024, with hacktivist activity rising amid Hamas-Israel and Russia-Ukraine conflicts. While the industry has not experienced a major attack disrupting a broad swath of markets recently, smaller DDOS incidents and ransomware episodes have disrupted localized market activity.
There have been notable past incidents, such as a 2023 ransomware attack on the U.S. broker‑dealer unit of Industrial and Commercial Bank of China that disrupted certain U.S. Treasury settlement activities. FS-ISAC did not immediately provide comment on the current situation.
Reporting by Michelle Price; Editing by Paul Simao
