Subscribe
A recent examination of cybersecurity in the financial services industry found that while organizations are aware of cybersecurity risks, they feel they need more resources to address those risks. Our infographic illustrates some key findings from The State of Software Security in the Financial Services Industry. These highlights show the state of financial cybersecurity and what organizations should focus on. Download the PDF version, or read on for our analysis.
Get the report: The State of Software Security in the Financial Services Industry
The State of Financial Cybersecurity
Ponemon Institute surveyed 414 financial services industry organizations to determine the state of financial cybersecurity.
Attacks against FSI organizations
- 56% have experienced an attack resulting in system failure and downtime.
- 51% have had sensitive customer information stolen from their organization.
- 38% have been the victim of ransomware or some other form of extortion.
Defense against attacks
Organizations felt confident they could detect attacks (56%) and contain attacks (53%). But they weren’t so confident they could prevent attacks (31%).
Vulnerability testing
Part of preventing attacks means testing software for vulnerabilities before releasing it. Only 34% of financial software is tested for cybersecurity vulnerabilities. Most financial organizations conduct security vulnerability assessments only after software release.
- 11% Requirements & design
- 37% Development & testing
- 52% Post release and post production release
Only 25% are confident that they can detect cybersecurity vulnerabilities in their financial software and systems before going to market.
Third-party vulnerabilities
FSI organizations are increasingly delivering services with the help of third-party applications.
- 74% are concerned about security vulnerabilities introduced by third-party suppliers.
- 43% of financial organizations require third parties to adhere to cybersecurity requirements or to verify their security practices.
- 43% do NOT have an established process for inventorying and managing open source code.
Why FSI organizations need open source management
The Black Duck Audit Services team reviewed 1,200+ codebases in 2018, and this is what they found:
- 60% contained at least one open source vulnerability.
- Over 40% contained high-risk vulnerabilities.
- 68% contained components with license conflicts.
No financial services organization could run without software. But FSI organizations are still struggling to secure the software and systems they already use, and they aren’t prepared to face the flood of new technology racing their way. Clearly, financial cybersecurity is not keeping pace with technology advances, and the issue will only worsen unless the industry takes proactive steps now. Find out more in The State of Software Security in the Financial Services Industry report.
Report
The State of Software Security in the Financial Services Industry
Discover the outcomes of an independent survey analyzing the present software security stance and its efficacy in handling security issues in the FSI sector.
Continue Reading
A new identity for the Synopsys Software Integrity Group
Aug 12, 2024 / 2 min read
CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service
Jun 04, 2024 / 1 min read
CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application
May 27, 2024 / 1 min read