In this post, I will compare banks vs. fintechs and reveal which is more cybersecure in the end.
It’s a frightening statement: if you’re a COO of a financial institution, be prepared. It’s no longer a matter of if you’ll be a target for a cybercriminal, but when. These hackers aren’t after cash directly; they’re after data, and with that, they can access the money. A lot of money.
Consumers are equally concerned, and rightly so. But who can they trust more, traditional banks or online fintechs? The answer may surprise you.
We’ll compare both, but before we answer that question, let’s look at the current cybersecurity issues that face the financial industry.
The Cybersecurity Issues
According to data from the European Union Agency for Cybersecurity (ENISA), European credit institutions (banks) were the most frequently targeted by cybercriminals, accounting for 46% of cybersecurity incidents between January 2023 and June 2024.
Financial institutions also remain the top targets for phishing attacks, accounting for over 50% of all phishing globally. With the uptake of AI, phishing emails have become more sophisticated. Fintech and banking customers are easily caught by polished and convincing messages. Fintechs are highly targeted by phishing, usually in the form of spear-phishing campaigns that exploit their digital platforms and customer bases.
The biggest vulnerability for both banks and fintechs comes from third-party and supply-chain vendors, as attackers use these compromised vendors to launch targeted campaigns.
These risks aren’t theoretical—recent breaches highlight how exposed both banks and fintechs are.
Recent Cybersecurity Attacks on Financial Institutions
Finastra, a major UK-based fintech, suffered a significant cyberattack in November 2024, where hackers illegally accessed over 400GB of data. The cybercriminals hacked into its secure file transfer platform (SFTP), which is primarily used to send files to its clients. The data accessed included personal information, financial records, private communications, and contracts. It was discovered that outdated Pulse Secure VPN and Citrix systems left Finastra vulnerable.
Even with years of experience and robust digital security, fintech powerhouse PayPal isn’t immune to cyberattacks. In 2022, cybercriminals performed a credential stuffing attack affecting nearly 35,000 user accounts. They were able to access sensitive data such as names, addresses, SSNs, and birth dates. The incident sparked lawsuits from PayPal customers alleging inadequate security practices.
An example of a third-party vendor being hacked and having its clients’ data stolen is Twilio, which is a communication platform widely used by banks and fintechs. It’s been hacked twice. First, in 2022, two of its employees were victims of a phishing email that requested their corporate login details. In July 2024, it was hacked again, and cybercriminals discovered personal details connected to 33 million phone numbers associated with the Authy 2FA app.
Traditional Banks’ Resources and Regulation
Historically, traditional banks have built trust with their customers due to the huge regulatory compliance frameworks that they must adhere to. The Bank Secrecy Act (BSA) and the Anti-Money Laundering Act (AML) are both in place for transaction monitoring to ensure suspicious activity is reported.
Most of them (especially the big-name ones) have a massive security budget, which helps them build strong defenses.
Some may argue that banks are more secure as they have physical locations where cash can be held, while every cent a fintech holds is digital. As we mentioned in the introduction, it’s not the cash the cybercriminals are after—they leave that to bank robbers. They want data, as data equates to power.
One significant advantage traditional banks have over fintechs is that, as they’ve been around longer, they benefit from years of experience in fraud detection, risk management, and customer protection. However, none of that means anything when it comes to brand-new cybercrimes.
Fintechs’ Technological Edge
Technology gives fintechs an edge over banks as they’re often the first to adopt AI, machine learning, and blockchain. However, a survey showed that 43% of UK fintechs expose themselves unintentionally by revealing software details online, giving hackers an advantage.
As fintechs’ customer base broadens, consumers rely on these finance providers for cross-border transactions. In most cases, they’re significantly faster and cheaper than those done via banks. Fintechs are expanding into other areas, like Revolut casinos in Ireland, where Revolut can be used to fund deposits, reducing the need for a credit card. While this is great for the consumer, it’s another avenue where fintechs need to have strict digital security to prevent cybercriminals from hacking into this sensitive information.
The biggest challenge for fintechs is that they rely heavily on digitization without the same level of regulatory oversight, which leaves them open to vulnerabilities.
Which Is More Cybersecure?
So, are banks more cybersecure than fintechs? For now, yes. It’s the fintechs’ digital innovation that puts them at risk. Banks benefit as they have stricter regulations, bigger security budgets, and more developed risk management frameworks.
Fintechs, due to their rapidly evolving technology and often lighter regulation, show more frequent exposures or gaps that leave them vulnerable to attacks.
Banks aren’t immune to cybersecurity attacks. They face escalating phishing threats, made worse by their weaker email authentication systems. AI-powered phishing is increasing in sophistication and volume, reducing customer trust and increasing their fear that their data may be compromised.
Looking ahead, the solution lies in collaboration.
Future of Digital Trust
Banks and fintechs need to work together, share knowledge, ideas, and technology, and proactively fight cybercrime head-on.
Banks have years of experience in data management and security, but fintechs have more developed and better technology applications. Put together, they could significantly reduce cybercrime.
Their biggest challenge will still come from the supply chain and third-party vendors whose applications may be outdated or compromised. More regulations on what third parties can access and the minimum tech standards they must meet may be the solution to this problem.
Cybercriminals are getting smarter, and AI developments are making their tasks even easier. It’s up to banks and fintechs to partner to come up with robust solutions. This appears to be the only way to boost customer confidence for the finance industry as a whole. The NIST cybersecurity framework is a step in the right direction, but more collaboration is required if financial institutions plan to stay ahead of cybercrime.
About the Author:
John Raymond is a cybersecurity content writer, with over 5 years of experience in the technology industry. He is passionate about staying up-to-date with the latest trends and developments in the field of cybersecurity, and is an avid researcher and writer. He has written numerous articles on topics of cybersecurity, privacy, and digital security, and is committed to providing valuable and helpful information to the public.