The chief of Europol says online thieves are shifting their targets from bank customers to the banks themselves.

“That has been an important change,” Europol director Rob Wainwright told reporters at a cyber security summit in The Hague.

He said hacks were showing a remarkable “level of sophistication, in terms of the malware that's being used, and in terms of the sophisticated social engineering to identify the most important personnel among the banks' employees”.

He said that for every case reported in the media, there are many more never made public.

“Now that's dangerous because in those cases it led to millions of losses, multi-million losses,” he said.

“But it also shows a level of capability that is getting higher all the time, and perhaps runs the risk of outstripping the ability of the banks to deal with it.

“It is raising serious questions about, even, about the health of the financial services industry.”

He said there is a limited number of “kingpins” behind hacks on banks - between 100 and 1,000 – most of which come from Russia or Ukraine.

“Certainly, in terms of the banking trojans, we say its ostensibly a Russian-speaking problem,” Wainwright said.

He said banks should improve their defences by finding which employees are most vulnerable to attack, especially among those with authority over vital infrastructure.

The Europol leader said cyber-criminals are “very dependent on their code writers and they are not infinite in number”.

Wainwright indicated police could be devoting special resources to finding the creators of malware, which can be bought and used by almost anyone.