41.8% of breaches impacting top fintech companies originated from third-party vendors.

Application Security and DNS Health were the most common weaknesses, with 46.4% of fintech companies scoring lowest in application security.

28.2% of fintech companies that experienced publicly reported breaches had multiple incidents.

Fourth-party exposures accounted for an additional 11.9% of breaches on fintech companies, which is more than double the global average.

The breach rate has surged to 55% during the past year. This represents a 17% year-on-year (YoY) rise in breach rates.

Technology products and services were linked to 63.9% of third-party breaches. File transfer software and cloud platforms were the most frequent points of compromise within this category.

More than half (55%) of respondents lack confidence in their current cloud security tools’ ability to detect breaches, citing limited visibility as the core issue.

18.4% of fintech companies experienced publicly reported breaches.

The percentage of respondents reporting a breach within the last 12 months has fallen from 23% in 2021 to just 14% in 2025.

In 2021, 56% of surveyed enterprises reported experiencing a breach. That figure has dropped to 45% in 2025.

Manufacturing has experienced a dramatic, nearly sixfold surge in espionage-motivated breaches, jumping to 20% from just 3% last year.

Third-party involvement in breaches doubled to 30% in this year's report.

In EMEA, nearly a third (29%) of breaches originated from within the organisation.

SpyCloud recaptured 3,562 third-party breach records in 2024. These third-party breaches amounted to 7.6+ billion breach records.

SMBs are twice as likely to be unaware they’ve been breached by more sophisticated attacks, like a deepfake, compared with more common threats like network downtime.

14% of consumers experienced an online attack.

Twenty-eight percent of consumers had a social media account hacked.

23% of consumers had personal information compromised in a data breach.