US banks step up cyber defenses as Iran tensions rise

The US financial sector is bracing itself against potential cyber threats amid escalating tensions in the Middle East. As Iran retaliates to the assassination of its supreme leader, firms are doubling down on cybersecurity measures and monitoring systems closely.

Executives and analysts from leading financial services companies express heightened vigilance. The industry operates critical infrastructure such as payments, clearing, settlement systems, trading platforms, and Treasury markets, making it a frequent target for cyberattacks. Notably, the recent assassination of Ali Khamenei has triggered global market volatility and fears about Iran-linked cyber assaults on US financial operations.

Todd Klessman, from SIFMA, underscores this concern: “The industry remains vigilant and ready to respond to any threats at all times, especially when geopolitical risks increase. Operational resilience is essential for maintaining the integrity and stability of our capital markets.” Analysts point to a potential rise in low-level cyberattacks, like Distributed Denial-of-Service (DDoS) attacks, as the most likely immediate threat.

US intelligence reports suggest Iran-aligned “hacktivists” could carry out these attacks against US networks. Meanwhile, Morningstar DBRS warns that cyber risks are escalating globally and cites indirect factors such as sustained higher oil prices, impacting borrowers and leading to cyber vulnerabilities within financial systems.

The credit rating agency also highlighted a growing concern about cyberattacks from Iran, which has previously demonstrated its willingness to deploy cyber capabilities against commercial targets, including financial systems. This is further corroborated by Lazard’s geopolitical advisory team who flagged the increasing threat of cyber risks in recent weeks.

A 2025 FS-ISAC report reveals that DDoS attacks remain a significant concern within the industry and were notably influenced by conflicts such as those between Hamas and Israel, Russia and Ukraine. In the past year, ransomware attacks on financial systems, including one impacting Industrial and Commercial Bank of China (ICBC), disrupted settlement processes for US Treasury trades.

Given these emerging risks, SIFMA has reinforced coordination efforts to ensure continuous access to the latest intelligence and guidance from FS-ISAC. This collaborative approach aims to safeguard the global financial system from potential cyber threats during this period of heightened geopolitical activity.