Many top financial firms hit by data breaches in the past year

A white padlock on a dark digital background.

(Image credit: Shutterstock.com)

More than three-quarters (78%) of financial institutions in the European Union (EU) suffered a data breach in the last 12 months, a new report from SecurityScorecard has claimed.

The information security company set out to determine the state of cybersecurity among organizations that must comply with the Digital Operational Resilience Act (DORA) by January 2025.

To do that, it analyzed 240 of the largest financial institutions in the EU, as well as their third- and fourth-party vendor operations in Europe. This amounted to an ecosystem of 26,142 domains. It picked the 240 organizations based on current revenue, assets under management, or gross written premium.

Fourth-party risk

The firms analyzed include private equity, asset management, retail banks, Insurance, and pension funds.

Besides the vast majority suffering a cyberattack, an even bigger percentage (84%) were exposed to a fourth-party breach. As per the researchers, there is a “vast web of unseen risks” hiding in plain sight, requiring visibility across the entire third- and fourth-party ecosystem. Despite the findings, businesses lack consensus on how to measure and track fourth-party risks, it was said.

Furthermore, just 3% of the third-party vendors that were analyzed for the report suffered a breach. There is a “massive butterfly effect” here that the threat actors are just now starting to leverage, the researchers say, adding that supply chain attacks are growing more popular among hackers.

> Data breach sees nearly 5 million users hit at major loan firm

> Revolut hit by data breach, users warned of phishing attacks

> Check out the best endpoint protection services right now

In conclusion, almost a fifth (18%) had a poor cybersecurity rating (C or lower), which makes them four to seven times more likely to suffer a data breach, compared to those with the highest rating. To predict a data breach, businesses should pay attention to these factors, the researchers concluded: endpoint security; patching cadence; ransomware score; DNS health; IP reputation; cubit score; and network security.

“If nearly 20% of the most well-resourced financial entities in the EU have grades of C or worse, then it’s likely that the overall cyber resilience for other financial entities is actually much lower,” said Matthew McKenna, Chief Sales Officer, SecurityScorecard.

Check out the best firewalls

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.