ISC2’s newly released peer-sourced document, Expert Tales of Cyber Risks in the Financial Sector, highlights vulnerabilities and the impact of recent cyberattacks through case-based storytelling. Tailored for small and midsize businesses (SMBs), it delivers real-world insights and practical strategies to address the growing cyber threats facing financial institutions. Expert accounts of ransomware, malware, crypto-related risks, and cyber scams offer clear guidance for practitioners.
Financial services are among the most targeted by cyber criminals due to high-value transactions and sensitive data. This guide draws on accounts shared by ISC2 members in workshops hosted by the ISC2 Standards and Practice team. The presented case studies illustrate how attacks unfold, where vulnerabilities lie, and how organizations responded—right or wrong. You’ll learn:
- How ransomware groups like Scattered Spider exploit human error and system weaknesses.
- Why legacy systems and outdated platforms pose serious compliance and security risks.
- How cross-border scams originating in Southeast Asia are impacting U.S. and EU markets.
- What frameworks (NIST CSF, DORA, NIS2, and CISA CPGs) you should align with to build resilience.
For smaller organizations that often lack the resources to stay ahead of emerging threats, the guide helps bridge the gap by offering actionable guidance, highlighting affordable best practices, and emphasizing the role of certified professionals in building strong cybersecurity programs.
Members and associates of ISC2 can access the guide by signing in to their account, visiting the Member Benefits page and clicking the Resource filter at the top of the page.
Shaped by Members, Informed by Practice
This guide is developed from member input gathered from workshops and conversations. It is then refined to highlight key developments in cybersecurity. It goes beyond surface trends to provide context and practical guidance. We hope this document serves our members as a living resource for fostering communication and feedback within the ISC2 community, while underscoring that the human element remains the greatest vulnerability in cybersecurity.
We welcome your ideas and suggestions to keep this paper relevant and responsive to the needs of the cybersecurity community. Please email us your thoughts or topics for future issues at guidanceteam@isc2.org.