64% of financial services organizations cite compliance requirements as important security drivers.

27% of individuals whose online bank accounts have been hacked experience victim blaming.

In India, greater than a third (35%) of respondents trust banks the least.

87% of UK IT leaders in the finance sector report exposure to email-related incidents.

Financial services and the public sector currently report the lowest adoption rates of AI tools, at 21% and 16%, respectively.

Within both financial services and commercial/consumer sectors, 41% of professionals reported actively evaluating AI tools.

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.

Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.

Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.

There were 156 disclosed ransomware victims in the financial sector in 2024.

65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.

90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.

There were 191 disclosed ransomware victims in the financial sector in 2023.

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

Apart from the GDPR and ISO 27001/27001, other regulations mentioned as challenging by financial organizations include SOX (10.9%), GLBA (8.4%), and NYDFS (7.4%).

17.7% of teams at financial organizations report spending 25+ hours monthly on gathering data for audits and access reviews.

25.1% of financial organizations plan to invest in compliance automation platforms.

31% of teams at financial organizations revoke access to high-risk systems requiring elevated privileges in hours, while 38% do it instantly.

Managing third-party access (35%), tracking least privilege enforcement (24.2%), and producing audit logs (23.1%) remain the biggest pain points for financial organizations.

33.9% of teams at financial organizations use role-based access with limited audit trails for access to high-risk systems requiring elevated privileges.