Cyber-attacks aren’t slowing down. In fact, 43% of all UK businesses experienced a cyber-attack in the year to April 2025.
Financial services remain heavily targeted. As digital transformations increase at pace, so does our reliance on third-party providers, AI tools, and cloud applications – increasing the number of possible threats and vulnerabilities that an attacker can exploit.
To help you to protect your data, systems, and networks, it's important to consider who the attackers are, their motivations, and what strategies they may use to exploit online users.
So, who’s behind cyber-attacks?
Organised cybercriminals
Most of the high-profile attacks you read in the headlines – such as M&S and other retailers – are the result of organised crime groups. Their goal is simple: financial gain.
These groups operate like legitimate businesses. They trick helpdesk staff into providing login details, access money directly, or steal data and hold it to ransom. They hide their identities online and often use cryptocurrency to launder their money.
What makes them so dangerous is their ability to evolve and stay ahead of your defences. Malicious software (malware) is now traded through online marketplaces, offering subscription-based deals, access to customer service portals, bonus referral schemes, webchats, and video tutorials showing how to use the software. This allows crime groups to distance themselves from attacks, whilst still receiving a percentage of any profits made from them.
This ‘software as a service’ model has increased the number of people able to carry out attacks. This has opened the door to so-called ‘Script Kiddies’ – individuals with no hacking skills – to launch attacks by simply buying and running the ready-made software against a business.
Script kiddies
Because Script kiddies lack the technical skills to create their own malware, they use hacking software sold online, scripts or automated tools to launch attacks instead. They would typically go after systems, businesses, or networks with vulnerabilities that are widely known, or those which don’t require sophisticated hacking skills.
There are a number of factors that motivate Script Kiddies. From seeking the thrill of hacking companies, intrigue about how much information they can access and steal, advancing their technical skills, or simply to cause damage.
Insider threats
Not all cyber risks come from outside the business. Insider threats can be anyone with physical or remote access to your business that could expose you to risk – ranging from staff, contractors, and partners. The threat can be accidental or malicious.
An accidental insider could cause a data breach by not following documented processes, clicking on a malicious link, or losing a company access badge which provides access to their building.
Malicious insiders, however, have intent. Their motivations range from disgruntlement – deliberately misusing privileges to steal data, committing fraud, or deleting entire databases – to employees who accept financial payment from an external party for providing access to their company network or data.
Nation-state actors
Nation-state hackers are highly skilled and sponsored by governments, meaning they have significant resources to carry out complex, advanced, and difficult to detect attacks. They typically target government run organisations, and critical infrastructure, as well as using social media to circulate fake news in the hope of swaying public opinion and spreading political propaganda.
Their motivations are espionage, theft of valuable data or intelligence to cause disruption, or to gain an advantage over other governments.
Hacktivists
Hacktivists carry out coordinated cyber-attacks against governments, businesses, or other groups in the most public way possible. A common attack style is Distributed Denial of Service (DDoS) which floods a website or service with traffic - causing it to crash - as well as defacing websites or taking over social media sites to display messages about their cause.
Their motivations are to spread political or social agendas, or expose secrets and sensitive information.
Simple steps to stay secure
It helps to assess the individuals or groups who are most likely to target you to help build your cyber strategy. For smaller adviser firms it’s unlikely to be nation state hackers and hacktivists, so you should concentrate on building your defences against organised crime groups, script kiddies and insider threats.
Your cyber security strategy should include:
- Enabling and enforcing Multi-Factor Authentication (MFA), especially for high-risk accounts. If your password is leaked, attackers will require an additional factor to gain access. Set up MFA with Parmenion today.
- Regularly reminding employees how to recognise phishing attacks, social engineering (e.g. tricking helpdesk staff into believing they are speaking to staff), and other common cyber threats/scams.
- Investigating changes in behaviour or approaches in how your clients contact and interact with you (most impersonation cases stay in one channel and push urgency).
- Applying software updates, including antivirus, laptops, mobile devices, and browsers.
- Using a password manager to set unique and long passwords.
- Maintaining offline backups of data that are stored separately and tested regularly.
- Staying informed of the latest threats, scams, and mitigations.
- Monitoring your accounts, using sites such as haveibeenpwned.com and change passwords immediately if you suspect you’ve been breached.
- Auditing access permissions, restricting access as much as possible and removing access for leavers or third parties once the relationship ends.
- Using anti-virus software, firewalls, VPNs, and intrusion detection and prevention systems.
This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.
Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.
