64% of financial services organizations cite compliance requirements as important security drivers.

27% of individuals whose online bank accounts have been hacked experience victim blaming.

In India, greater than a third (35%) of respondents trust banks the least.

87% of UK IT leaders in the finance sector report exposure to email-related incidents.

Within both financial services and commercial/consumer sectors, 41% of professionals reported actively evaluating AI tools.

Financial services and the public sector currently report the lowest adoption rates of AI tools, at 21% and 16%, respectively.

There were 191 disclosed ransomware victims in the financial sector in 2023.

90 third-party vendors are flagged with high-risk threat categories. Among these, 35 vendors are marked with Known Exploited Vulnerabilities (KEV) tags.

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

Black Kite researchers found that 31 out of 140 third-party vendors have at least one critical vulnerability with a CVSS at or above 8. 15 vendors show an extremely high risk with CVSS scores above 9.

There were 156 disclosed ransomware victims in the financial sector in 2024.

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.

65% of third-party vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known vulnerabilities (CVEs) and potentially unpatched zero-day vulnerabilities in legacy technologies.

Cl0p claimed responsibility for targeting companies using unpatched versions of Cleo's MFT products in December 2024.

23.8% of financial organizations plan to invest in automated access controls.

35.2% of financial organizations plan to invest in real-time audit log solutions.

8.5% of teams at financial organizations still rely mostly on manual efforts for compliance reporting.

17.7% of teams at financial organizations report spending 25+ hours monthly on gathering data for audits and access reviews.

2.1% of teams at financial organizations have no visibility into how long it takes to revoke access to high-risk systems requiring elevated privileges after an employee exits or changes roles.

31% of teams at financial organizations revoke access to high-risk systems requiring elevated privileges in hours, while 38% do it instantly.