The consequences of cyber attacks on the financial sector go well beyond those suffered by the individuals and firms directly involved and may even lead to the destabilization of the system itself. The concern is all the greater given that banks and similar institutions play a much more critical role than most people realize and the nature of their operation already invites risk taking at the best of times. Bad actors hoping to sow chaos surely understand the trouble they could cause by targeting the financial underpinning of our economy. This paper will argue that while the cyber defense of the financial sector should be assigned a high priority, a wide net need not be cast since the greatest threat comes not from national actors but terrorist groups and the like. This suggests a very different strategy than one might adopt in defense of military assets or technology, an indirect approach that aims at disrupting bad actors’ ability to accumulate resources, design offensive tools, and reconnoiter for possible weaknesses. Their greatest challenge is in creating sufficient time and space to plan operations with any more significance than random vandalism and DDOS attacks. Our goal should be to deny them this.