[Infographic] Financial cybersecurity by the numbers

Black Duck Editorial Staff

Aug 13, 2019 / 2 min read

A recent examination of cybersecurity in the financial services industry found that while organizations are aware of cybersecurity risks, they feel they need more resources to address those risks. Our infographic illustrates some key findings from The State of Software Security in the Financial Services Industry. These highlights show the state of financial cybersecurity and what organizations should focus on. Download the PDF version, or read on for our analysis.


The State of Financial Cybersecurity

Ponemon Institute surveyed 414 financial services industry organizations to determine the state of financial cybersecurity.
 

Attacks against FSI organizations
  • 56% have experienced an attack resulting in system failure and downtime.
  • 51% have had sensitive customer information stolen from their organization.
  • 38% have been the victim of ransomware or some other form of extortion.
     
Defense against attacks

Organizations felt confident they could detect attacks (56%) and contain attacks (53%). But they weren’t so confident they could prevent attacks (31%).
 

Vulnerability testing

Preventing attacks includes testing software for vulnerabilities before releasing it. Only 34% of financial software is tested for cybersecurity vulnerabilities. Most financial organizations conduct security vulnerability assessments only after software release. Assessments by phase:

  • 11% Requirements & design
  • 37% Development & testing
  • 52% Post release and post production release

Only 25% are confident that they can detect cybersecurity vulnerabilities in their financial software and systems before going to market.
 

Third-party vulnerabilities

FSI organizations are increasingly delivering services with the help of third-party applications.

  • 74% are concerned about security vulnerabilities introduced by third-party suppliers.
  • 43% of financial organizations require third parties to adhere to cybersecurity requirements or to verify their security practices.
  • 43% do NOT have an established process for inventorying and managing open source code.
     
Why FSI organizations need open source management

The Black Duck Audit Services team reviewed 1,200+ codebases in 2018, and this is what they found:

  • 60% contained at least one open source vulnerability.
  • Over 40% contained high-risk vulnerabilities.
  • 68% contained components with license conflicts.

No financial services organization could run without software. But FSI organizations are still struggling to secure the software and systems they already use, and they aren’t prepared to face the flood of new technology racing their way. Clearly, financial cybersecurity is not keeping pace with technology advances, and the issue will only worsen unless the industry takes proactive steps now. Find out more in The State of Software Security in the Financial Services Industry report.
