Online criminals are increasingly concentrating on "soft target" small and medium-sized firms, the Financial Services Authority (FSA) has warned.
The organisation investigated 18 financial firms as part of a review of security and found that, while the large financial institutions had made progress with online security, smaller firms were falling behind.
"Hackers and fraudsters are refining and improving their techniques as we speak," said Philip Robinson, financial crime sector leader at the FSA.
"Having been the target of criminals in recent times, via the internet and other technologies, the major banks tend to have strong defences in place.
"But there is no room for complacency and criminals will seek to exploit vulnerable points where they can find them, including in other sectors or smaller firms."
The financial watchdog also found evidence of criminal gangs trying to get operatives recruited into financial institutions to help with fraud from the inside.
The FSA encouraged firms to vet staff applications thoroughly, and to take precautions against identity theft from insiders.
Companies are also advised to monitor technologies like instant messaging, and manage any staff use of USB keys or portable hard drives.
"For organisations not to take action to prevent security breaches is inexcusable, especially as it is simple and cost effective to install major hurdles to deter fraudsters," said Jackie Groves, managing director at security firm Utimaco Safeware.
"Using mobile technology as an example, it is simple to encrypt laptops, PDAs, smartphones, etc, or to put in place strong authentication which prevents these devices being attacked for the data they contain (passwords, login credentials, credit card details) whilst preventing them becoming a bridge onto a network."
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all