Perspective

Stay ahead of rising cybersecurity risks

A glimpse into the current threat landscape and what firm leaders can do to stay safe

Cybersecurity risks aren’t just technology risks—they’re business, client trust, and fiduciary risks. As attacks have become increasingly professional, well-resourced, and automated, the threat landscape has grown in scale. Firm leaders should consider the steps they can take to help mitigate these risks, to protect their clients and their business.

We’ve identified some key risks, along with high-level steps leaders can take to help mitigate those risks. Firm leaders that are ready to dig into this issue more deeply can review our cybersecurity resources or contact their Fidelity relationship manager.

The evolving cyberthreat landscape

In 2025, the frequency and severity of cyberattacks rose significantly across a wide range of tactics. This includes a rise in fraud tactics—such as impersonating tech support and disguising fraudulent websites—to trick people into sharing sensitive information or installing malware. While these attacks impact a variety of industries, financial services firms are prime targets, and wealth managers that suffer a breach can face regulatory, operational, and reputational consequences in addition to financial losses.

2025 Cyberthreat Trends

739
Data breaches: In a record year for breaches, the 739 in financial services was the highest of any industry.¹
58%
Ransomware: There was a 58% rise to a new high point in ransomware activity.² Average cost is also up 17%.³
2X
Social engineering: H1 2025 saw more vishing attacks than all of 2024⁴, on pace to surpass 2X growth YOY.
800%
Network attacks: Edge attacks are up 800%.⁵ In financial services, system intrusion is the top path to a breach.⁶
100%
Supply chain attacks: 30% of all breaches involved a third party (including software vulnerabilities)—a 100% rise YOY.⁶
149%
Mobile threats: 16M+ new domain names registered to support cyberattacks (including smishing)—a 149% rise YOY.⁷

The growing use of artificial intelligence (AI) in cybercrime
The growing use of artificial intelligence (AI) in cybercrime

Like so many others, cybercriminals are using AI to make their work easier and more effective. Indeed, the rapid rise of new AI tools has played an outsized role in the growth of cybercrime over the last year, enabling bad actors to operate at an elevated level of scale and sophistication.

  • 45% of financial services firms experienced an AI-powered cyberattack in the past 12 months.8
  • AI is increasing the speed of attack; the fastest 25% of intrusions reach exfiltration 4X faster YOY.9
  • AI-automated phishing emails achieved 4.5X higher click-through rates (54%) than standard attempts.10

This shift raises the stakes for firms to ensure that they have and follow fundamentally sound cybersecurity practices. Learn more about how to defeat the AI-enabled cybercriminal.
What firm leaders can do to stay safe

While these threats are significant, there are some relatively fundamental steps firm leaders can take to help protect against them. This includes staying alert, securing credentials, and using good device hygiene. In an increasingly interconnected world, firm leaders also need to engage advisors, staff, clients, and vendors on these issues to address the full spectrum of their risk, while building safeguards into everyday operations.

1. Stay vigilant
1. Stay vigilant
To stay ahead of these threats, firm leaders, advisors, staff, and clients all must remain vigilant. This means monitoring evolving risks, investing in ongoing education, and cultivating a healthy suspicion of unverified requests, networks, and hyperlinks. Regularly evaluate the security of technology and other vendors, and build vigilance into everyday decisions and processes.
2. Strengthen authentication
2. Strengthen authentication
Strong authentication practices are one of the most effective ways to reduce cyber risk. This includes using multi‑factor authentication, strong and unique passwords, and password managers, for both financial and secondary accounts (such as email and mobile). Regularly reviewing permissions and limiting access to sensitive systems, based on role and necessity, can also make an impact.
3. Protect devices
3. Protect devices
Vigilance and authentication practices can bolster security, but leaders should also take steps to secure their devices and networks. This includes keeping software current, setting up regular and automatic updates, and maintaining active threat monitoring and defense solutions, including anti-virus software. Data back-up and use of mobile device security features are also critical.

Multi-factor authentication (MFA) blocks more than 99% of unauthorized access attempts.10

Explore more on:
Artificial intelligence Cybersecurity Platform technology

Next steps to consider

Digital Assets

Explore the exciting world of digital assets, with a focus on blockchain technology, cryptocurrency investing, and more.

Learn more

Wealthscape

Drive efficiency and seamless digital experiences with Wealthscape's intuitive and flexible technology.

Learn more

Practice Management

Find out how our team can support you and your firm with data-rich and personalized content designed to help you optimize client outcomes and drive sustainable growth.

Learn more

Related insights

View all
Spotlight
Cybersecurity risk management
Explore cybersecurity risk management strategies for protecting data, and share resources with clients to help keep their financial information secure.
Spotlight
AI in wealth management
Artificial intelligence (AI) is rapidly evolving, with applications like ChatGPT taking this old field of study to new heights. Find out more about this technology, its risks, and its potential to transform the future of wealth management.
Perspective
Wealth management trends for 2026: Six questions driven by a wave of change
A look at what may impact wealth managers and their clients in the coming year, from AI, asset classes, and M&A activity, to the way high-net-worth investors will be measuring success.

For more information, please contact your Fidelity representative.

Contact us

Intended for investment professional use.

1. ITRC 2025 Annual Data Breach Report, Identity Theft Resource Center, January 2026

2. Ransomware Attacks Increased by 58% in 2025, HIPAA Journal, January 2026

3. Ransomware Costs Jump 17% in 2025 Despite Fewer Cyberinsurance Claims, Resilience, September 2025

4. 2025 CrowdStrike Threat Hunting Report, CrowdStrike, August 2025. https://www.crowdstrike.com/en-us/press-releases/crowdstrike-releases-2025-threat-hunting-report/

5. Hackers Exploiting Edge Devices: How to Defend Your Organization, CompliancePoint Blog, May 2025. https://www.compliancepoint.com/cyber-security/hackers-exploiting-edge-devices-how-to-defend-your-organization/

6. 2025 Data Breach Investigations Report, Verizon, April 2025

7. Cybercrime Supply Chain 2025, Interisle Consulting Group, November 2025

8. Exclusive: Financial sector most susceptible to AI-powered cyberattacks, Axios, July 2025

9. 2026 Global Incident Response Report, Unit 42, Palo Alto Networks, February 2026

10. Digital Defense Report 2025, Microsoft, October 2025. https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2025

1261319.1
434A2588F90E4C6E88E5DEEC1D4EB102