64% of financial services organizations cite compliance requirements as important security drivers.

27% of individuals whose online bank accounts have been hacked experience victim blaming.

In India, greater than a third (35%) of respondents trust banks the least.

87% of UK IT leaders in the finance sector report exposure to email-related incidents.

Financial services and the public sector currently report the lowest adoption rates of AI tools, at 21% and 16%, respectively.

Within both financial services and commercial/consumer sectors, 41% of professionals reported actively evaluating AI tools.

90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.

There were 191 disclosed ransomware victims in the financial sector in 2023.

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.

Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.

There were 156 disclosed ransomware victims in the financial sector in 2024.

Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.

35.2% of financial organizations plan to invest in real-time audit log solutions.

8.5% of teams at financial organizations still rely mostly on manual efforts for compliance reporting.

17.7% of teams at financial organizations report spending 25+ hours monthly on gathering data for audits and access reviews.

2.1% of teams at financial organizations have no visibility into how long it takes to revoke access to high-risk systems requiring elevated privileges after an employee exits or changes roles.

Apart from the GDPR and ISO 27001/27001, other regulations mentioned as challenging by financial organizations include SOX (10.9%), GLBA (8.4%), and NYDFS (7.4%).

25.1% of financial organizations plan to invest in compliance automation platforms.