The 2024 CrowdStrike outage and the ransomware attack on NHS partner Synnovis hit mainstream news and highlighted the fragility of ICT supply chains and the risks posed by cyber incidents. With all of us now firmly ensconced in the digital world, companies face a wide range of cyber threats comprising both malicious attacks and outages arising from incidents affecting the ICT supply chain, with many nation-state threat actors and cyber criminals also using AI to increase the volume and heighten the impact of cyberattacks. Financial services firms are uniquely exposed to cyber risk, not least given the volume of confidential and personal data and transactions they handle. These threats are not new –the IMF’s 2024 Global Financial Stability Report and accompanying blog state that “the financial sector has suffered over 20,000 cyberattacks, causing $12 billion in losses, over the past 20 years” – but the risks of cyberattack and the resultant extreme losses have increased sharply. In this article, we consider what these risks look like in 2025 and ways that financial services firms can proactively manage them.
Scale of cyber threat
The Bank of England’s latest
