From Ponzi schemes to social media giveaway scams, bad actors have been committing cyber crimes as long as digital technologies have been around. Currently, the rise of modern technologies like artificial intelligence (AI) and cryptocurrency have enabled threats to evolve, requiring organizations to reassess security needs to ensure they’re prepared to handle the newest schemes.
The financial industry is especially vulnerable to cybersecurity threats due to the volume of sensitive data and financial assets, necessitating that firms are always on alert for risks that can impact operations. Advancing cyberthreats mean that security and data protection are a constant battle – and one that is easy to lose without the right infrastructure in place.
Weak defenses, great costs
Over the past couple of years, lacking security infrastructure has majorly disrupted business operations and caused data leaks that have had detrimental impacts for financial organizations. In June 2024, Evolve Bank and Trust experienced a ransomware breach by the means of a malicious internet link. The attack impacted nearly 7.6 million clients, with the hackers having stolen sensitive customer data.
Lacking protections from firms’ critical service providers have also been the root of several cybersecurity attacks, raising the importance of clear oversight of security measures and risk management for all partners and across supply chains.
In a case disclosed in 2025, Western Alliance Bank was affected by a ransomware attack that exploited a security vulnerability in a third-party file transfer tool used by the bank, which compromised the personal information of approximately 22,000 clients. In 2023, cybercriminals hacked third-party tool MOVEit, which impacted a vendor that Flagstar Bank had used and compromised sensitive client data.
In addition, there have been multiple instances of cloud provider breaches in the past year, such as in the case of Crowdstrike, where a faulty update to security systems impacted 8.5 million Microsoft Windows devices, or Oracle, where a hacker broke into the provider’s system and stole personally identifiable information.
What are the regulators saying?
Alongside issuing various statements and guidelines about the standards firms must meet in upholding security, regulators have also underscored the importance of addressing cybersecurity situations head-on to support integrity and consumer trust.
In October 2024, the Securities and Exchange Commission (SEC) issued charges against four firms for failing to disclose the severity of cyber incidents to clients, including Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – which were collectively fined nearly $7 million. In this case, the firms involved made materially misleading disclosures downplaying the cyber incidents they encountered.
In response, Jorge G. Tenreiro, Acting Chief of the Crypto Assets and Cyber Unit at the SEC, shared the regulator’s zero tolerance for poor security measures and management:
“Federal securities laws prohibit half-truths, and there is no exception for statements in risk-factor disclosures.”
In May 2025, the Department of Justice (DOJ) announced amendments to its Corporate Enforcement and Voluntary Self-Disclosure Policy, which, alongside encouraging self-reporting, outlines the regulator’s priorities to root out financial crime. While the regulator mainly stated its focus on threats to national security, it emphasized that it “will hold accountable…those that enable criminals” – further illustrating the need for a commitment to strong security and compliance processes to maintain market stability.
A pervasive problem
Financial firms and cloud providers aren’t the only ones impacted by cyberthreats – businesses across industries have been victim to massive hacks that led to both operational disruptions and significant financial losses.
In the past week, Jaguar Land Rover was majorly impacted by a cyberattack, which forced it to halt manufacturing and retail operations for nearly a month. The U.K. government granted the company a £1.5 billion ($2 billion) loan in effort to “protect thousands of those jobs…and help them support their supply chain,” which Jaguar must pay back over the new five years.
Several months ago, U.K. retailers Marks and Spencer (M&S) and the Co-operative Group were both victim to high-profile ransomware attacks that left their systems vulnerable and inoperable. After hackers stole customer and employee data through social engineering tactics, M&S suspended online shopping for weeks, costing the company an estimated £300 million.
These debilitating incidents have proven that cybercriminals are stopping at nothing to challenge security systems and test for cracks, making resilient infrastructure mission critical. Lacking security structures within a company and with its external providers means that the risk of cybercrime intensifies drastically.
Secure systems to ensure safety
Infallible, resilient systems are essential to proactively shield against cyberthreats and keep investor protection at the heart of operations. Alongside reinforcing internal systems and promoting security awareness through training, firms that verify the security of all partnerships will be in a better position to defend against threats.
When choosing solutions to incorporate, firms should ensure that providers have security and risk frameworks in place to maintain security. This includes controls like encryption, monitoring, and incident responses, as well as transparency around data protections and certifications. Organizations are only as strong as the chain of providers that support them – and one weak link can lead to breaches across the board.
With privately owned data centers, a robust security infrastructure, high-level encryption defenses, and around-the-clock monitoring, Global Relay always keeps security at the core of its services. Learn more about our security strategy and how we ensure data protection.
