"Right now, financial institutions are actively under attack. We know that. I'm not giving you any classified information," Napolitano said Wednesday during a cybersecurity event sponsored by The Washington Post. "I will say this has involved some of our nation's largest institutions."
Stock exchanges also have been subject to cyberattacks during the last few years so officials know "there are vulnerabilities," she said.
She didn't elaborate about the cyberattacks, The Hill reported.
"All I want to say is that there are active matters going on with financial institutions," she said.
Earlier this fall, the public websites of Wells Fargo, Bank of America, JP Morgan Chase and others were victims of denial of service attacks, rendering them inaccessible to customers, The Hill said.
The nation needn't look any further than the havoc created by Hurricane Sandy to understand the need to boost cybersecurity protections, she said.
"If you think that a critical systems attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities," the secretary said.
Napolitano called on Congress to pass legislation that would help shield critical infrastructure from cyberattacks. Senate Republicans had blocked such a bill, arguing it would add additional costs onto businesses and saddle them with new security rules.
Asked how President Obama may address cybersecurity if he wins re-election, Napolitano said he "shares our concerns" and likely would act, Politico reported. "I think he will have to consider an executive order that covers many of the areas legislation would cover, but it's not a complete substitute for legislation," Napolitano said. "There are some things only legislation can provide."