US Regulators Warn Banks of Rising Cyber Threats Amid Iran Conflict

Financial regulators in the United States are raising concerns over a surge in cybersecurity risks targeting financial institutions following escalating military tensions involving Iran. Authorities in California and New York have issued formal warnings, urging banks and financial service providers to strengthen their cyber defenses amid what they describe as a “heightened threat environment.”

The California Department of Financial Protection and Innovation (DFPI) recently circulated a bulletin advising regulated entities to increase their cyber awareness as geopolitical developments unfold in the Middle East. Christina Tetreault, Deputy Commissioner at DFPI, emphasized that financial institutions remain prime targets during such conflicts, particularly given Iran’s stated intent to target organizations linked to the U.S. and its allies.

Similarly, the New York Department of Financial Services (NYDFS) issued a letter to chief information security officers (CISOs), warning that recent global events “warrant vigilance” and calling for immediate reviews of cybersecurity frameworks and incident response readiness.

The warnings follow reports of operational disruptions across global financial hubs. Major institutions including Citi, Standard Chartered, Goldman Sachs, and HSBC have taken precautionary measures such as limiting office access in affected regions or temporarily closing branches.

Cybersecurity experts and ratings agency Fitch have also flagged an increased likelihood of attacks from state-sponsored actors, hacktivist groups, and independent threat actors. A recent cyberattack on medical equipment company Stryker—reportedly claimed by an Iran-linked group known as “Handala”—underscores the growing threat landscape.

Regulators are advising financial institutions to take a proactive stance by:

• Identifying and mitigating system vulnerabilities

• Strengthening monitoring of network traffic and suspicious activity

• Limiting exposure of internet-facing systems

• Testing incident response and recovery plans

• Enhancing communication strategies with customers and employees

• Monitoring supply chain risks and disinformation campaigns

Additionally, institutions are urged to enforce strict access controls, minimize user privileges, and implement safeguards against malicious code injections.

Industry groups such as FS-ISAC are actively coordinating intelligence-sharing efforts to help institutions respond to evolving threats. A spokesperson highlighted that geopolitical instability has historically created opportunities for cyberattacks, making vigilance critical to protecting the global financial system.

As tensions persist, regulators are making it clear: cybersecurity preparedness is no longer optional—it is a core pillar of financial stability.

Source: Banking Dive