Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.

77% of financial services organizations reported accruing some level of security debt.

Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.

63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.

The average flaw half-life for financial services organizations is 276 days, indicating it takes nearly a month longer to fix security issues than in other industries.