64% of financial services organizations cite compliance requirements as important security drivers.

27% of individuals whose online bank accounts have been hacked experience victim blaming.

In India, greater than a third (35%) of respondents trust banks the least.

87% of UK IT leaders in the finance sector report exposure to email-related incidents.

Within both financial services and commercial/consumer sectors, 41% of professionals reported actively evaluating AI tools.

Financial services and the public sector currently report the lowest adoption rates of AI tools, at 21% and 16%, respectively.

90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.

65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.

There were 191 disclosed ransomware victims in the financial sector in 2023.

Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.

There were 156 disclosed ransomware victims in the financial sector in 2024.

Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.

35.2% of financial organizations plan to invest in real-time audit log solutions.

8.5% of teams at financial organizations still rely mostly on manual efforts for compliance reporting.

2.1% of teams at financial organizations have no visibility into how long it takes to revoke access to high-risk systems requiring elevated privileges after an employee exits or changes roles.

46.3% of teams at financial organizations have partially automated compliance reporting.

Apart from the GDPR and ISO 27001/27001, other regulations mentioned as challenging by financial organizations include SOX (10.9%), GLBA (8.4%), and NYDFS (7.4%).

17.7% of teams at financial organizations report spending 25+ hours monthly on gathering data for audits and access reviews.