Many top financial firms hit by data breaches in the past year
Most firms in the EU have a poor security posture
More than three-quarters (78%) of financial institutions in the European Union (EU) suffered a data breach in the last 12 months, a new report from SecurityScorecard has claimed.
The information security company set out to determine the state of cybersecurity among organizations that must comply with the Digital Operational Resilience Act (DORA) by January 2025.
To do that, it analyzed 240 of the largest financial institutions in the EU, as well as their third- and fourth-party vendor operations in Europe. This amounted to an ecosystem of 26,142 domains. It picked the 240 organizations based on current revenue, assets under management, or gross written premium.
Fourth-party risk
The firms analyzed include private equity, asset management, retail banks, Insurance, and pension funds.
Besides the vast majority suffering a cyberattack, an even bigger percentage (84%) were exposed to a fourth-party breach. As per the researchers, there is a “vast web of unseen risks” hiding in plain sight, requiring visibility across the entire third- and fourth-party ecosystem. Despite the findings, businesses lack consensus on how to measure and track fourth-party risks, it was said.
Furthermore, just 3% of the third-party vendors that were analyzed for the report suffered a breach. There is a “massive butterfly effect” here that the threat actors are just now starting to leverage, the researchers say, adding that supply chain attacks are growing more popular among hackers.
In conclusion, almost a fifth (18%) had a poor cybersecurity rating (C or lower), which makes them four to seven times more likely to suffer a data breach, compared to those with the highest rating. To predict a data breach, businesses should pay attention to these factors, the researchers concluded: endpoint security; patching cadence; ransomware score; DNS health; IP reputation; cubit score; and network security.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“If nearly 20% of the most well-resourced financial entities in the EU have grades of C or worse, then it’s likely that the overall cyber resilience for other financial entities is actually much lower,” said Matthew McKenna, Chief Sales Officer, SecurityScorecard.
- Check out the best firewalls
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.