Justine Bone

(Reuters) - The U.S. financial services industry is on heightened alert for potential cyberattacks amid the unfolding U.S. war in Iran, with firms stepping up monitoring for threats that often rise during periods of geopolitical conflict, said executives and analysts. The killing of Iranian Supreme Leader Ali Khamenei last weekend in an air strike has sparked a conflagration in the Middle East that has roiled markets globally and stoked concerns over the potential for Iran-linked cyberattacks on U.S. financial services operations. Cybersecurity has long been a top priority for the financial services industry, which operates critical U.S. infrastructure, including payments, clearing and settlement systems, as well as trading platforms and Treasury markets, making it a top target of cyberattacks, according to industry data. "The industry remains vigilant and ready to respond to cyber threats at all times, and especially when global cybersecurity risks are heightened," said Todd Klessman, managing director for financial services cyber and technology at industry group SIFMA which runs an annual exercise to ensure financial firms can operate through significant cyber emergencies. "We continue to monitor the current situation with a focus on operational resilience, which is foundational to the integrity and stability of the U.S. capital markets," Klessman said. Another top banking industry official said lenders are very concerned about the risk of cyberattacks, which they see as likely. U.S. INTELLIGENCE SEES LOW-LEVEL CYBERATTACKS AS POSSIBLE According to a U.S. intelligence assessment that Reuters reported on Monday, Iran-aligned "hacktivists" could conduct low-level cyberattacks against U.S. networks, such as distributed ​denial-of-service attacks (DDoS), whereby hostile actors overwhelm a targeted server with a flood of internet traffic. Credit rating agency Morningstar DBRS said on Tuesday the most significant risks to global banks and asset managers were likely to be indirect, including sustained higher oil prices and shocks to borrowers, but warned that cyber risks could also rise. "Iran could increase its cyberattacks against Western entities, including banks," the credit rating agency said. U.S. investment bank Lazard's geopolitical advisory team also this week flagged cyber risks, noting that Iran has demonstrated a willingness to deploy cyber capabilities against commercial targets, including financial systems. According to a 2025 report by the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium, the financial services sector was the top target of DDoS attacks in 2024, with the Hamas-Israel and Russia-Ukraine wars fueling a surge in hacktivism. While the industry has not in recent memory suffered a major disruption due to a hostile attack, smaller-scale DDOS attacks as well as ransomware attacks have disrupted pockets of the market. A 2023 ransomware attack on the U.S. broker‑dealer unit of Industrial and Commercial Bank of China disrupted settlement of some U.S. Treasury trades. A spokesperson for FS-ISAC did not immediately provide a comment.