Financial services organisations are experiencing the highest cyberattack intensity of any industry tracked by SonicWall, with attack attempts per device more than double the cross-sector average, according to the company’s 2026 Financial Services Protect Brief.
The report, a companion to the 2026 SonicWall Cyber Protect Report, draws on telemetry from more than one million global security sensors and highlights the growing sophistication of attacks targeting financial institutions, driven by the sector’s valuable data, regulatory obligations and reliance on legacy infrastructure.
“Financial services is not the most targeted vertical because attackers are indiscriminate,” said Michael Crean, SVP of Managed Services at SonicWall. “It’s one of the most heavily targeted industries because the incentives are obvious. Financial institutions hold some of the world’s most valuable data, operate under intense regulatory scrutiny, and have virtually no tolerance for downtime. Many also depend on legacy infrastructure that hasn’t kept pace with today’s threat landscape. That combination doesn’t just increase risk, it draws highly organized adversaries who deliberately study these environments and exploit the weaknesses they already know are there.”
According to the report, financial services recorded 132,378 intrusion prevention system (IPS) hits per device during the first half of 2026—the highest among all industries monitored by SonicWall. The GoodTech Telnet Server Buffer Overflow vulnerability generated 42.2 million detection events, while Log4Shell accounted for 35.6 million detections, indicating that legacy and unpatched systems remain attractive targets. Attempts to exploit Heartbleed also continue despite the vulnerability being over a decade old.
The report identified 10 ransomware families, including REvil (Sodinokibi) and Prometheus, targeting financial institutions. Malware activity averaged 39,341 hits per firewall, making financial services the second-most targeted sector after healthcare.
SonicWall said the findings reinforce the need for financial institutions to move away from traditional VPN-based access models and adopt Zero Trust Network Access (ZTNA) to reduce the risks associated with compromised credentials and legacy infrastructure.

