Cyberattacks on financial services providers are down in the first five months of 2026, but not because of hoped-for reasons such as declining malicious intent or better security. Rather, it is because the attackers and threat actors
Firms can combat this by conducting frequent check ins and upgrades to their cybersecurity systems.
Cybersecurity firm SonicWall's state of financial services cybersecurity report found an overall sectors-wide decline in cyberattacks for the first half of the year, but financial services experienced
"Overall attack volumes are falling across every industry as attackers grow more selective, trading quantity for precision," SonicWall said in the report. "Attackers are not walking away from this sector. They are becoming more deliberate about how they hit it, focusing effort where the payoff is highest rather than casting a wide net."
READ MORE:
In an interview, Michael Crean, senior vice president of managed services at SonicWall, said firms are vulnerable due to an often incorrect assumption that they bought the "best tool" and they are therefore protected. Going beyond the name on the box is an important next step.
"You put the strongest deadbolt on your house, but what happens when you're not there," he said.
Should a cybersecurity threat approach, he continued, if nobody is watching, they can persist until they find weaknesses.
"Tools could be screaming at you to tell you there's a problem," Crean said, "but what about if nobody is there to hear it?"
Michael Brice is president of BW Cyber, a firm that deals in cybersecurity and managed security. Brice has seen the evolution of cyberattack sophistication firsthand. He also noted the lie-in-wait long game some attackers are willing to play. They lurk inside a system for multiple months, watching transactions. They pass up the smaller ones in anticipation of larger, seven-figure transactions before they attack.
"These are very patient people," Brice said in an interview.
The numbers and the dilemmas
For the first five months of 2026, cyberattack hits topped 132,378 per firewall in financial services, representing twice the average of other sectors and industries, according to SonicWall, which additionally reported 39,341 malware hits per firewall and 62.8 million incidents that involved malicious software in financial services.
According to SonicWall, attacks targeting unpatched or legacy infrastructure and systems affected 42 million firms via a Telnet-related vulnerability. When that vulnerability is exploited, these legacy systems also come with a serious problem. "They send usernames and passwords across the network in plain text," wrote Sonicwall. "Anyone intercepting the connection can read them directly."
The SonicWall report continued, "worse, the type of attack being used here can give an intruder full remote control of the machine. These are not isolated back-office servers. They sit next to systems that process payments and hold transaction records."
READ MORE:
One remedy often deployed is to "patch" the system using an update, but as SonicWall found in its companion 2026 Cyber Protect report, "The defender's timeline has not kept pace. Seventy-seven percent of organizations need more than a week to deploy patches enterprise-wide, and 14% require more than four weeks. In financial services, the average time to patch a high-severity vulnerability is 102 days."
Raising awareness and thwarting the threat
One of SonicWall's top recommendations to protect a firm is to deploy a zero-trust policy. Stolen credentials unlock entire environments, SonicWall wrote, and zero-trust policies limit the damage of stolen credentials by preventing access to entire networks.
"Numbers don't lie," said Crean. Advisors and firms should be aware that "you're going to find yourself on the wrong end of this. Be a little bit more vigilant in what you're doing and how you're doing it."
For advisors, the question is less about whether an attack will come and more about if the firm is prepared when it does. Jeff Judge is an advisor at Forest Hill, Maryland-based Chesapeake Financial Planners. In an email, he said he approaches cybersecurity the same way he does a financial plan. "One document isn't enough, and it's useless if nobody updates it," he said.
Judge utilizes a three-prong approach involving written policy around both cybersecurity and security of the branch office itself, alongside a business continuity plan the firm reviews annually at a minimum, a managed services team that handles the technical aspects daily, and multistep verification on anything that deals with money movement.
"Firewalls get breached," said Judge. "What's harder to breach is a firm where people are trained to slow down before money moves."









