The US financial sector has moved into heightened vigilance amid concerns that the escalating conflict with Iran could trigger cyberattacks targeting American banks and market infrastructure, industry officials and analysts say.
Tensions surged following the assassination of Iran’s Supreme Leader, Ayatollah Ali Khamenei, in an airstrike last weekend. The development has intensified instability across the Middle East, unsettled global markets and raised fears of retaliation, including in cyberspace.
Financial institutions, which operate critical infrastructure such as payment networks, clearing and settlement systems, trading platforms and Treasury markets, are seen as high-value targets for hostile actors. Executives say monitoring and defensive measures have been reinforced in response to the growing risks.
Todd Klessman, managing director for financial services, cyber and technology at the Securities Industry and Financial Markets Association (SIFMA), said the industry remains alert. He noted that firms are particularly focused on ensuring operational resilience during periods of heightened geopolitical risk. SIFMA conducts annual exercises to test whether major financial companies can continue functioning during severe cyber emergencies.
A senior banking industry official said lenders view cyber threats as a likely consequence of the unfolding crisis.
A recent US intelligence assessment warned that Iran-aligned “hacktivist” groups could launch lower-level cyber operations against US networks, including distributed denial-of-service (DDoS) attacks designed to overwhelm systems with traffic and disrupt services.
Credit rating agency Morningstar DBRS said the most immediate risks to global banks may stem from indirect factors such as sustained higher oil prices and financial stress on borrowers. However, it cautioned that cyber risks could increase if Iran seeks to retaliate digitally against Western institutions.
Meanwhile, a 2025 report by the Financial Services Information Sharing and Analysis Centre (FS-ISAC) found that the financial services sector was the leading target of DDoS attacks in 2024, driven in part by geopolitical conflicts including the wars in Ukraine and Gaza.
Although no major US financial institution has recently suffered systemic disruption from a hostile cyberattack, smaller-scale incidents have occurred. In 2023, a ransomware attack on the US broker-dealer arm of the Industrial and Commercial Bank of China disrupted the settlement of certain US Treasury transactions.
An FS-ISAC spokesperson said the consortium is coordinating with members to provide updated intelligence and guidance aimed at safeguarding the global financial system as the situation in the Middle East continues to unfold.