Regulators are warning financial institutions of increased cybersecurity risk amid the Iran war.
The California Department of Financial Protection and Innovation sent the firms it regulates a bulletin last week informing them of the need for heightened cyber awareness, said Christina Tetreault, a deputy commissioner with the DFPI.
With the military action occurring in the Middle East, Iran has said it will target financial institutions, specifically those in the region linked to the U.S. and Israel. Citi and Standard Chartered told staff not to come into offices in Dubai, The New York Times reported. Goldman Sachs has done likewise, according to Bloomberg. HSBC closed branches in Qatar.
Threats from the conflict in the region extend to the cyber realm, Tetreault indicated.
“Making sure that our licensees and covered persons really are vigorous in their cybersecurity defenses is very much part of what we're working to do with bulletins and other advice and educational materials,” Tetreault said Wednesday during a Banking Dive-Payments Dive virtual event.
It’s also a topic of conversations between the state’s examiners and licensees, she noted. “We're very eager to see people really fortify those defenses,” Tetreault said, because “we know that financial institutions are a target.”
Similarly, the New York Department of Financial Services issued a letter last week to chief information security officers of its regulated institutions, alerting them to increased risk of cyberattacks from global conflict, saying “recent events warrant vigilance.”
Late Wednesday, Michigan-based medical equipment company Stryker said it was experiencing a global network disruption due to a cyberattack, MedTech Dive reported. An Iran-linked threat actor that researchers call Handala claimed credit for the attack, according to Check Point Research.
Fitch Ratings warned Monday that hacktivists, state-sponsored groups or solo actors may target critical infrastructure and U.S. public entities through cyberattacks, in response to the bombing campaign that began Feb. 28, Cybersecurity Dive reported.
The DFPI’s bulletin said California financial institutions are “encouraged to maintain a high level of awareness as the situation overseas continues to unfold.”
NYDFS also encouraged financial institutions to review their cybersecurity programs, making sure they’re compliant with the department’s cyber regulation, and ensuring cyber practices reflect a “heightened threat environment.”
Regulated entities were urged to mitigate security vulnerabilities to reduce access points for bad actors, monitor web traffic so they can identify attacks intended to disrupt traffic to a network, remove or reduce devices connected to the public internet, and disable unused ports, according to California’s bulletin.
Banks and other firms were encouraged to prepare for cyber incidents by reviewing and testing procedures and response playbooks to protect and restore essential functions, information systems and nonpublic information. Financial institutions should confirm detection thresholds and escalation channels are sufficient, the state agencies said.
California and New York regulators also recommended lenders bolster monitoring for suspicious activity on information systems; monitor communication from supply chain partners; ensure alternate secure communication channels are available if main networks are affected; confirm strategies to communicate to employees and customers are sufficient if system and service disruptions are protracted; and monitor for disinformation involving their company.
Financial institution CISOs should also ensure user and service accounts have the minimum possible permissions and privileges for accessing and maintaining web servers and databases, and should restrict and validate user inputs before forwarding them to databases, to protect against cyberattacks that involve injecting malicious code into an application.
Tetreault encouraged California-licensed financial institutions to reach out to the DFPI for cyber-related resources.
A spokesperson for FS-ISAC, a cybersecurity information-sharing organization for the financial industry, said the group is coordinating with other entities “to ensure our ecosystem has continuous access to the latest intelligence and guidance to protect the global financial system” amid military action in the Middle East.
“Geopolitical conflicts and ongoing tensions have always presented opportunities for threat actors to target the financial sector. Recent events have shown that it is vital that the sector remains vigilant against increased nation-state activity and hacktivism,” the spokesperson said.
The Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. declined to comment. The Treasury Department and Financial Crimes Enforcement Network didn’t respond to a request for comment.