Financial institutions are navigating a growing cybersecurity minefield, with data breaches doubling since 2023 and increasingly affecting a company’s market confidence or regulatory standing.
According to a report from AInvest, third-party breaches in the financial sector have doubled since 2023. The report also found that the average breach costs $4.8 million, and that insider-related incidents cost $17.4 million per organization.
With cyberattacks via third-party vendors and insiders rising, investors are beginning to scrutinize fintech and banking stocks for cyber resiliency as intensely as for earnings per share.
Hacks of this type often take around 80 days to contain, illustrating how experts still struggle to thwart real-time risks.
Hacks are growing in size and impact
The consequences also go beyond balance sheets: Santander’s 2025 cross-border data breach, for instance, dented its market standing even before regulatory fines were levied.
In that attack, 30 million customers from Spain, Uruguay and Chile and some Santander employees had their data hacked, including personal data such as social security numbers. In October 2024, the bank was fined €50,000 by the Spanish data protection agency (AEPD) for failing to report the breach and violating the General Data Protection Regulation (GDPR).
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed,” it said in a statement posted at the time.
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.”
A rising tide of threats
These trends align with research from the International Monetary Fund, which found that the growing scale and sophistication of cyberattacks on financial infrastructure are now large enough to threaten economic stability.
The cost of cyber losses, counted after a breach has been noticed, identified, disclosed to customers and fined by regulators, has soared to $2.5 billion, accounting for reputation, regulatory, and remediation impacts.
Investors are also seeing a shift in the political and regulatory landscape. The European Union’s Digital Operational Resilience Act (DORA) and the UK’s Cyber Resilience Bill are ushering in higher standards for third-party risk and digital continuity in financial services.
Meanwhile, the Reserve Bank of India is demanding that banks deploy “AI-aware” defenses under a zero-trust framework, citing systemic risks tied to vendor lock-ins. For investors and regulators, cybersecurity is no longer just an IT concern; it’s a board-level strategic imperative.
The real-world cost of cyber vulnerability
In the UK, institutions like HSBC and Santander continue logging dozens of service outages each year, despite investments in cybersecurity and modernization. Barclays alone reported 33 outages between 2023 and 2025, an alarming reminder of the fragility of complex, dated infrastructure.
Similarly, a surge in phishing and third-party breaches is forcing firms to redirect resources toward building resilience-based infrastructure. New findings show that 45% of employees at large financial institutions remain susceptible to clicking malicious links, making human error a critical line of attack even with technical safeguards.
Thinking of investing in bank stocks?
For investors, the key takeaway is clear: cybersecurity maturity must factor into valuation and stock selection, especially within the fintech and banking sectors.
Companies investing in AI-based anomaly detection and in zero-trust architecture, which requires strict verification of every user, device, and application before granting access to resources, are likely to be better protected and safer bets for investors wanting to avoid hacks.
Additionally, companies that have rigorous quarterly audits of their third-party cybersecurity plans see much more confidence from the capital markets.
Operational resilience is another critical factor, with institutions that participate in cyber war games and incident response exercises, organized by entities like the Federal Reserve and FS-ISAC, being viewed more favorably.
Another sign banks take security seriously? Financial institution leaders who prioritize employee cybersecurity training are recognized for effectively closing the most dangerous gaps in the defense chain, enhancing overall human risk management.
Security as a competitive edge
The confluence of regulatory pressure, rising financial fallout, and geopolitical cyber threats means investors can no longer afford to overlook cybersecurity metrics. Firms that treat defense as a cost center may ultimately come off worse than those that regard it as a strategic asset.
Financial institutions that embrace robust cyber hygiene, anticipate evolving threats—including AI and quantum risks—and align with regulatory expectations, could well distinguish themselves as proven leaders rather than potential liabilities. The security of tomorrow’s balance sheet may well depend on the strength of today’s defenses.