Software Integrity Blog

 

[Infographic] Financial cybersecurity by the numbers

A recent report on financial cybersecurity practices found that while organizations are aware of risks, they need more resources to address those risks.

A recent examination of cybersecurity in the financial services industry found that while organizations are aware of cybersecurity risks, they feel they need more resources to address those risks. Our infographic illustrates some key findings from The State of Software Security in the Financial Services Industry. These highlights show the state of financial cybersecurity and what organizations should focus on. Download the PDF version, or read on for our analysis.

Get the report: The State of Software Security in the Financial Services Industry

The State of Financial Cybersecurity

Ponemon Institute surveyed 414 financial services industry organizations to determine the state of financial cybersecurity.

Attacks against FSI organizations

  • 56% have experienced an attack resulting in system failure and downtime.
  • 51% have had sensitive customer information stolen from their organization.
  • 38% have been the victim of ransomware or some other form of extortion.

Defense against attacks

Organizations felt confident they could detect attacks (56%) and contain attacks (53%). But they weren’t so confident they could prevent attacks (31%).

Vulnerability testing

Part of preventing attacks means testing software for vulnerabilities before releasing it. Only 34% of financial software is tested for cybersecurity vulnerabilities. Most financial organizations conduct security vulnerability assessments only after software release.

  • 11% Requirements & design
  • 37% Development & testing
  • 52% Post release and post production release

Only 25% are confident that they can detect cybersecurity vulnerabilities in their financial software and systems before going to market.

Third-party vulnerabilities

FSI organizations are increasingly delivering services with the help of third-party applications.

  • 74% are concerned about security vulnerabilities introduced by third-party suppliers.
  • 43% of financial organizations require third parties to adhere to cybersecurity requirements or to verify their security practices.
  • 43% do NOT have an established process for inventorying and managing open source code.

Why FSI organizations need open source management

The Black Duck Audit Services team reviewed 1,200+ codebases in 2018, and this is what they found:

  • 60% contained at least one open source vulnerability.
  • Over 40% contained high-risk vulnerabilities.
  • 68% contained components with license conflicts.

No financial services organization could run without software. But FSI organizations are still struggling to secure the software and systems they already use, and they aren’t prepared to face the flood of new technology racing their way. Clearly, financial cybersecurity is not keeping pace with technology advances, and the issue will only worsen unless the industry takes proactive steps now. Find out more in The State of Software Security in the Financial Services Industry report.
