More than 40% of Fintech Breaches Linked to Third-Party Vendors

SecurityScorecard released a report providing an exploration of notable fintech companies’ cybersecurity postures. An analysis of 250 of the top fintech organizations reveals a disconnect between secure internal controls and external supply chain threats. According to the findings, fintech firms had the greatest security posture among analyzed industries, gaining a median score of 90. 55.6% received an “A” rating. 

Yet, there were still weaknesses to be exploited. 41.8% of breaches could be linked to third-party attack vectors. Fourth-party vulnerabilities accounted for an added 11.9%. This is more than double the global average.

Among the analyzed fintech companies, 18.4% faced publicly reported breaches. 28.2% experienced more than one incident. Furthermore, 63.9% of third-party breaches were associated with technology products and services, with cloud platforms and file transfer software being the most common points of compromise. The most common weaknesses were Application Security and DNS Health, with 46.4% of organizations scoring the lowest in application security.