The U.S. financial services industry has moved to a heightened state of alert for cyberthreats as the conflict in Iran intensifies following the killing of Iranian Supreme Leader Ali Khamenei in an air strike last weekend. Executives and analysts said firms have increased monitoring of networks and systems that underpin payments, clearing and settlement, trading platforms and Treasury markets because such infrastructure is a frequent target during geopolitical flare-ups.
Security managers at banks and other market participants are focusing on early detection and incident response, citing the sector's status as part of critical U.S. financial infrastructure. Those officials said the industry is watching for threats that historically rise in periods of international tension, including coordinated online actions by politically motivated groups.
"The industry remains vigilant and ready to respond to cyber threats at all times, and especially when global cybersecurity risks are heightened," said Todd Klessman, managing director for financial services cyber and technology at SIFMA, the industry group that conducts annual exercises to test whether financial firms can continue operating through major cyber emergencies.
Klessman added: "We continue to monitor the current situation with a focus on operational resilience, which is foundational to the integrity and stability of the U.S. capital markets."
Another senior banking industry official told analysts that lenders are very concerned about the probability of cyberattacks and view them as likely in the near term.
U.S. intelligence assessments have raised the prospect that Iran-aligned "hacktivists" could carry out low-level cyberattacks on American networks. Those attacks could take the form of distributed denial-of-service (DDoS) operations, in which attackers flood targeted servers with traffic to impair availability.
Credit rating agency Morningstar DBRS noted that the most consequential risks to global banks and asset managers in the current environment are likely to be indirect - for example, sustained higher oil prices and borrower stress - but that cyber risks may also increase. "Iran could increase its cyberattacks against Western entities, including banks," the agency said.
U.S. investment bank Lazard's geopolitical advisory team also highlighted cyber threats this week, observing that Iran has previously demonstrated a willingness to use cyber capabilities against commercial targets, including financial systems.
The Financial Services Information Sharing and Analysis Center (FS-ISAC) reported in 2025 that the financial sector was the primary target of DDoS attacks in 2024, and that conflicts such as the Hamas-Israel and Russia-Ukraine wars had driven a surge in hacktivist operations. While the industry has not experienced a major, systemic disruption attributed to a hostile cyberattack in recent memory, bouts of DDoS activity and ransomware incidents have intermittently affected parts of the market.
FS-ISAC's analysis and other industry reporting note that smaller-scale disturbances can still have localized market effects. For example, a 2023 ransomware attack on the U.S. broker-dealer unit of the Industrial and Commercial Bank of China disrupted the settlement of some U.S. Treasury trades, illustrating how cyber incidents can touch key post-trade plumbing.
A spokesperson for FS-ISAC did not immediately provide a comment for this report.
Sector leaders say the current posture emphasizes preparedness and operational resilience rather than public alarm. Firms are prioritizing threat intelligence sharing, network monitoring, and contingency planning to ensure critical market functions remain available. Industry groups continue to exercise and test incident response plans across institutions to limit potential disruptions to payments, clearing and Treasury market operations.
Market participants and analysts cautioned that while many of the likely cyber actions being anticipated are low-level in nature, their cumulative effect - particularly if timed with other market stresses - could pose challenges to particular segments of the financial ecosystem.