Shadow AI, third-party compromise and double extortion ransomware converge as DORA makes intelligence-led resilience a regulatory requirement
Filigran, the European open-source threat management company, today released Cyberthreats in the Financial Sector, a report mapping the evolving threat landscape facing financial institutions and the regulatory shifts redefining how they must respond.
The report finds that 90% of breaches affecting financial institutions in 2025 were financially motivated, with data breaches accounting for 64% of incidents and ransomware 36%. The financial sector was the second-most expensive industry for data breaches, at $5.56 million per breach.
AI is compounding the risk. Shadow AI accounted for 20% of AI-related breaches, and 97% of affected organizations lacked adequate access controls. Supply chain compromise reached systemic levels, with third-party involvement in 30% of financial-sector breaches.
With the EU's Digital Operational Resilience Act (DORA) now enforceable, financial institutions must demonstrate intelligence-led risk management, threat-led penetration testing on live systems, and robust third-party oversight.
Download the full report at filigran.io.
FAQs
How can financial institutions prepare for DORA's threat-led penetration testing requirements?
DORA Article 26 requires threat-led penetration testing (TLPT) of critical functions at least every three years, carried out on live production systems, and Article 27 sets the requirements for the testers who perform it; supervisors expect measurable improvement from one test cycle to the next. Filigran's XTM platform connects threat intelligence directly to attack simulation, enabling continuous, threat-led validation aligned with DORA and with Continuous Threat Exposure Management (CTEM).
How is ransomware targeting financial institutions differently?
Approximately 12.8% of B2B financial organizations experienced ransomware in 2025. Attackers increasingly combine encryption with data exfiltration (double extortion), which turns an availability outage into a data breach and so triggers regulatory reporting obligations. Filigran's report found that double extortion is now the dominant ransomware tactic against financial institutions.
Why is third-party cyber risk now a systemic threat to financial institutions?
Third-party breaches like MOVEit continued to affect major banks into 2025, and the Bybit $1.5 billion theft exposed how supply chain weaknesses in transaction flows can lead directly to extreme loss. Filigran's research recommends continuous intelligence sharing and attack simulation across the vendor ecosystem.
About Filigran
Filigran, a cybersecurity company, offers an open-source, AI-powered, threat-informed approach to Continuous Threat Exposure Management (CTEM). Its eXtended Threat Management (XTM) platform delivers threat intelligence, exposure validation, and cyber risk reduction.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260421513542/en/
Contacts:
Media Contact
Treble
McKenzie Covell
filigran@treblepr.com
