CrowdStrike 2026 Financial Services Threat Landscape Report

Adversaries are increasingly targeting the global financial services sector for high-value assets, sensitive data, and customers’ personally identifiable information (PII). As a result, defenders are facing a rise in hands-on-keyboard intrusions driven by diverse motivations. 

The CrowdStrike 2026 Financial Services Threat Landscape Report provides an exclusive deep dive into how eCrime and state-sponsored threat actors are evolving — and what organizations can do to stay ahead. 

Key insights:

• Interactive intrusions are rising: Hands-on-keyboard attacks have increased by 43% over the past two years, giving adversaries flexibility to shift from initial access to pursue theft, extortion, or intelligence collection.
• Ransomware pressure is growing: Big game hunting activity is rising — from April 1, 2025, to March 31, 2026, there was a 27% increase in financial services victims named on dedicated leak sites compared to the previous reporting period, underscoring the sector’s attractiveness for high-value extortion.
• Democratic People’s Republic of Korea (DPRK) activity is intensifying: North Korean adversaries have intensified their focus on financial technology (fintech) and cryptocurrency organizations, executing the largest financial theft in history through sophisticated supply chain compromise.
• China-nexus espionage persists: China-nexus threat actors remain a leading intelligence threat, aggressively targeting PII and economic data during long-term espionage campaigns.

Get the report for the findings you need to protect against threats to the financial services sector.