Financial Services organizations operate in a highly regulated industry, manage vast amounts of money and sensitive customer information, and provide services that customers expect to be “always on”, so they have more to lose than most from major incidents. Banks and other Financial Services providers are key targets for cyber attackers. In addition, their complex architecture, often a mix of old and new technologies, is highly vulnerable to small issues escalating into large outages.
In 2025, we surveyed 300 major incident management professionals to find out more about their experiences and the challenges they faced responding to incidents in major enterprises. 16% of them work in Financial Services, and they are the focus of this article. Compared to other sectors in the August 2025 research, Financial Services/Insurance stands out for its high level of maturity in certain areas while facing significant pressure in others.
Is major incident risk increasing in Financial Services?
At 65%, the sector’s 12-month incident rate matches the survey average. However, it is significantly lower than Healthcare (90%). But why is this?
Due to strong regulatory pressures in Financial Services, banks must assume that a failure will happen and are legally required to map important business services and prove they can recover within a specific impact tolerance. Meanwhile, healthcare systems typically operate at near 100% capacity. When an incident occurs, there is no "slack" in the system to absorb the shock. Because healthcare focuses on patient throughput, it rarely has the budget for the redundant, idle "failover" systems that are standard in banking, hence the increased rate of major incidents. Banks typically have a higher budget and level of technical maturity than many other sectors, and are highly cognizant of the monetary cost of downtime.
However, the perception is that risk is becoming more of a concern: 76% believe major incident risk is rising. This is higher than the US average (74%) but notably lower than the UK (82%) and the Manufacturing/Industrial sector (80%).
This geographical discrepancy is likely due to differences in culture between the UK and US around transparency, as UK rules dictate that financial firms must report incidents that exceed their impact tolerances, with annual reviews published by the UK National Cyber Security Centre. This level of granular, public reporting is less consistent in the US, where many private-sector incidents are handled quietly behind the scenes.
When comparing Financial Services and Manufacturing, the difference in risk perception could be caused by several factors:
- The different nature of the incidents in these industries: physical/hazardous incidents vs digital/transactional incidents.
- The fact that unplanned downtime costs the manufacturing sector roughly £736 million per week in the UK, while banks can invest in hot-hot data centers that can fail over instantly.
- Safety culture vs security culture.
- The supply chain complexity of manufacturing, where a failure in one area can cause hugely impactful knock-on effects.
There are also different levels of concern about different threats. Organizations in this sector are specifically concerned about their ability to resolve the following incident types:
- Cybersecurity breaches: 92%
- Human error: 73%
- Third-party SaaS or service provider failures: 73%
Legacy infrastructure is also a significant concern for FS. 73% agree there are significant risks to their business associated with outdated major incident management procedures. Meanwhile, 80% feel increased pressure from new and evolving regulations to formalize and document their response processes.
While only 37% agree incidents are taking longer to resolve than a year ago (the best performance of any sector, against an overall average of 52%), the average time to fully resolve major incidents affecting mission-critical applications is 3.2 hours. This is slightly slower than the survey mean (3.17 hours) and is outpaced by Retail (2.77 hours) and the Nordics (2.78 hours). So, while the financial sector’s maturity in this area is a strength, there is still work to be done to streamline mobilization, orchestration, and collaboration to bring down resolution times.
How is the approach to incident management changing?
In light of this increased perception of risk, longer response times, and greater regulatory scrutiny, many FS organizations are changing the way they respond to major incidents, but some are lagging behind. The sector has the highest adoption of fully integrated major incident management approaches (72%), featuring automation, coordination, and real-time visibility, far exceeding the survey average of 26% and sectors like Healthcare (10%). However, 57% admit they still rely too heavily on manual processes in their current response. 86% believe they must automate more in the next 12 months, placing them under more pressure than Manufacturing (76%) or the US average (77%).
Automation and AI sentiment in Financial Services
As might be expected from one of the more mature sectors we surveyed, most of our FS respondents recognized the benefits of increasing automation and implementing AI to improve incident response. 84% agree that their investment in automation has improved their major incident management process, but 86% still believe their processes must become more automated in the next 12 months to keep pace with rising risk.
Optimism about AI is high at 88%, though it is slightly lower than in the US overall (91%) and the Retail sector globally (98%). One of the main concerns about using AI is allowing it to access sensitive information. While retail can use AI to analyze shoppers’ habits and recommend products to buy, banking information is much more sensitive, and some in the sector view AI as a high risk to keeping that information secure.
What our findings suggest for incident response in banking in 2026
The findings from our 2025 survey highlight a sector at a critical crossroads. While Financial Services organizations lead the pack in adopting integrated incident management frameworks, they are simultaneously grappling with a landscape where the stakes and scrutiny have never been higher.
The data reveals a clear mandate for the coming year: to bridge the gap between their current maturity and the escalating threats of cybersecurity breaches and third-party failures, FS firms must focus on three strategic pillars:
- Accelerated automation: With 86% of professionals acknowledging that manual processes are no longer sustainable, the transition from "integrated" to "automated" is the next essential leap to reduce the 3.2-hour average resolution time.
- Legacy transformation: Addressing the 73% of respondents worried about outdated procedures is no longer optional. Modernizing the response layer is just as vital as modernizing the infrastructure itself.
- Regulatory readiness: As 80% of the sector feels the heat from evolving regulations, documentation and formalization must shift from a reactive burden to a seamless, automated byproduct of the incident response workflow.
Ultimately, Financial Services institutions are proving to be resilient, yet they remain wary. The high optimism regarding AI and automation suggests that the industry is ready to invest in the tools necessary to stay ahead. However, the true winners will be those who can successfully marry this technological optimism with rigorous, documented execution to meet both customer expectations and regulatory demands.
