Cybersecurity in the financial sector is a dynamic and evolving policy field with unique challenges and specific characteristics. While it has recently received a lot of attention from disciplines like Economics and Politics, legal literature on this topic, especially with regard to EU law, still lags behind. This is surprising, given that cybersecurity in the EU is characterized by complex governance structures, a variety of legal sources, and a wide range of different rule makers and involved actors, and given that only a clear legal framework with efficient institutions at both EU and Member State level can provide for a safe digital environment. The purpose of this Article, therefore, is twofold: On the one hand, it aims to introduce the legal aspects of cybersecurity in the financial sector while taking stock of existing cybersecurity schemes, including their strengths and weaknesses from a legal perspective. On the other hand, it will set out key elements that cybersecurity regulation in the financial sector must respect in order to be effective, and it will put forward reform proposals to make the EU financial sector more cybersecure.