Skip to main content
27 Feb 2025

ENISA Threat Landscape 2024 Report: Cyber threat landscape in the Financial Sector

The European financial sector remains a prime target for cyberattacks, with the complexity of threats increasing exponentially. The European Union Agency for Cybersecurity (ENISA) recently launched the Threat Landscape 2024 report analyzing incidents from January 2023 to June 2024 and highlighting attacks on banks, insurance companies, and financial service providers. From Distributed Denial-of-Service (DDoS) attacks intensified by geopolitical conflicts to online fraud and supply chain attacks, cyber threats are becoming increasingly sophisticated.

Where do the threats come from?

Banks, insurance companies, payment providers, and end users are constantly targeted by cyberattacks. DDoS attacks have been exacerbated by geopolitical events, impacting European financial infrastructures. Meanwhile, attackers exploit security vulnerabilities to access and sell sensitive data, while online fraud schemes are becoming more advanced.

Beyond visible attacks like ransomware, which locks data access in exchange for ransom payments, more subtle methods such as phishing and social engineering are being used more and more. Smishing and vishing campaigns trick users into providing critical financial information, while cryptocurrency scams are on the rise.

Who are the attackers?

The threat landscape includes organized crime groups, hacktivists using cyberattacks as a form of protest, and state-sponsored actors engaged in economic espionage or financial destabilization. Additionally, human errors and vulnerabilities in IT supply chains represent weak points that are constantly exploited.

What’s next?

The financial industry must strengthen its defense strategies by investing in digital infrastructure security and employee awareness programs. Regulations such as the Digital Operational Resilience Act (DORA) and the NIS 2 Directive are becoming essential in protecting against attacks, and information sharing on threats between financial institutions and authorities is more critical than ever.

Deloitte has extensive experience in conducting penetration tests in compliance with the NIS 2 Directive, as well as Threat-Led Penetration Testing (TLPT) assessments required under DORA or TIBER-EU testing, helping financial institutions identify and remediate critical vulnerabilities before attackers can exploit them.

The cyber threat landscape is evolving rapidly, and cybersecurity is no longer just an option—it is a strategic element for financial stability.

Discover if your organization is ready for the NIS 2 Directive by taking this gap pre-assessment HERE.

Andrei Ionescu

Deloitte - Romania
Andrei este Partener coordonator al departamentelor de Consultanță și Managementul Riscului din Deloitte Romania și Moldova. Are peste 20 de ani de experiență în managementul riscului, securitate cibernetică, audit intern, managementul fraudei, implementări de sisteme informatice, auditul sistemelor informatice, continuitatea afacerii/ recuperare în caz de dezastre, management de proiect și asigurarea veniturilor. El lucrează pentru clienți care activează în domeniul bancar, în telecomunicații, tehnologie, energie și resurse naturale. Andrei este membru ISACA și (ISC)2 și deține mai multe certificări: CISA (Certified Information System Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Security Systems Professional), CISM (Certified Information Security Manager) și în management de proiect.
View Profile

Dragos Ionica

Deloitte - Romania
With more than 12 years of experience in the cybersecurity field, he works as a penetration tester and bug bounty hunter, with significant expertise in web application and infrastructure security testing. He has previously served as a senior consultant on cybersecurity projects for clients in various industries, including financial services, healthcare, telecommunications, retail, and entertainment. For nearly two years, he led a Red Team operations department. He holds certifications in OSCP, OSWP, OSCE, GWAPT, GPEN, and GXPN.
View Profile

For an in-depth exploration of our cybersecurity expertise

    

Discover more

Did you find this useful?

Yes
No

Thanks for your feedback

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

In Romania, the services are provided by Deloitte Audit SRL, Deloitte Tax SRL, Deloitte Consultanta SRL, Deloitte Accounting SRL, Deloitte Fiscal Representative SRL, Deloitte Tehnologie SRL, Deloitte Support Services SRL, Deloitte Shared Services SRL as well as Reff & Asociații SPRL, the correspondent law firm of Deloitte in Romania, (jointly referred to as “Deloitte Romania") which are affiliates of Deloitte Central Europe Holdings Limited. Deloitte Romania is one of the leading professional services organizations in the country providing services in professional areas of audit, tax, legal, management consulting, financial advisory, risk management services, outsourcing solutions and technology consulting and other related services through over 3.400 national and specialized expatriate professionals. To learn more about how Deloitte makes an impact that matters, please visit www.deloitte.ro and connect with us on FacebookLinkedInYouTube and Instagram.

© 2025. For more information, contact Deloitte Romania