When there is a cyberattack on a financial institution, we rarely hear about how its third-party vendors contributed to the incident.
Just last year, more than half of large UK financial services firms experienced at least one third-party supply chain attack, highlighting serious gaps in vendor risk management across the sector.
While financial firms are beginning to raise the bar on their internal cyber defenses, the same can’t be said for many of their vendors. This was at the heart of several findings in Black Kite’s 2025 State of Financial Services report, where 92% of finance-sector vendors scored poorly on information disclosure, and 65% were said to rank low on essential security patching. That makes strong internal security meaningless if the extended vendor ecosystem remains exposed.
We spoke to Dr. Ferhat Dikbiyik, Black Kite’s Chief Research & Intelligence Officer (CRIO), to further explore how vendor risk is quietly becoming the banking industry’s biggest security liability.
Key Takeaways
- Financial institutions remain vulnerable to cyberattacks through third-party vendors, especially those with poor security practices.
- Even well-protected banks can be compromised if a single partner exposes internal systems or misconfigures servers.
- Up to 92% of finance sector vendors perform poorly in terms of information disclosure.
- Static assessments and security questionnaires are no longer enough in a rapidly changing threat landscape.
- Continuous visibility and external scanning are critical to effective third-party vendor risk management.
- Financial firms must demand concrete, up-to-date proof of security from vendors to strengthen their overall cybersecurity posture.
Cybersecurity in Banking 2025: The Vendor Behind the Breach
Research from Black Kite indicates a sharp decline in direct ransomware attacks on financial institutions, decreasing from 191 incidents in 2023 to 55 by mid-2025.
On the surface, these numbers look encouraging. The truth is more complex: ransomware actors haven’t disappeared; they’ve simply redirected their attacks toward the softer underbelly of financial infrastructure, which is often its third-party vendors.
Black Kite attributes this shift to stronger internal cybersecurity defenses within banks and the takedown of high-profile ransomware groups like LockBit and ALPHV/BlackCat. While their dismantling has temporarily disrupted large-scale attacks, Dikbiyik explained it has also led to a fragmented and unpredictable threat landscape, now populated by dozens of emerging groups looking for new angles of attack.
He told Techopedia:
“Their fall just opened the floodgates. In the past year alone, we’ve tracked 45 new ransomware groups. That’s on top of the 70+ active ones already in play. What’s different now is the target selection. They’re chasing low-hanging fruit. That means SMB vendors, such as payroll processors, insurance brokers, and IT contractors, among others.”
Many of these vendors operate with outdated systems and delayed security patching. Dikbiyik added:
“Groups like RansomHub are targeting the supply chain heavily because that’s where defenses are thin and the impact is broad. Financial institutions must stop thinking of ransomware as a direct hit. The risk is downstream, and it’s growing.”
The Vendor Risk No One’s Managing
Ferhat Dikbiyik pointed out that the biggest risk from third-party vendors isn’t unknown but unmanaged. He explained:
“We understand how ransomware gains entry: unpatched systems, open remote desktop (RDP) ports, and social engineering attacks. The problem is many third-party vendors, especially small and midsize businesses (SMBs), lack the resources or maturity to properly manage these risks.”
This creates a critical blind spot for financial institutions. Unfortunately, Dikbiyik added, “Most companies only realize how critical a vendor is after there’s an interruption. By then, it’s too late.”
A notable recent example of an incident resulting from these third-party security gaps was the Cl0p ransomware group’s exploitation of vulnerabilities in unpatched versions of Cleo MFT products.
The exploitation resulted in operational disruption across various sectors linked to the financial supply chain. While the number of affected organizations is not known for certain, Black Kite estimates it could be in the hundreds, since many companies rely on these products for supply chain operations.
Financial Institutions Must Demand More From Vendors
The strength of a financial institution’s cybersecurity is only as solid as the weakest link in its vendor chain. Black Kite notes that no matter how well-defended a financial institution is, a single exposed partner with poor cybersecurity is enough to let attackers in.
Dikbiyik told Techopedia:
“What’s really concerning is when vendors leave server configs, outdated services, or internal system details exposed to the public internet. That’s recon gold for ransomware affiliates.”
While many banks have improved their own security, Dikbiyik argues that the industry must now rethink how it manages third-party risk. Traditional point-in-time assessments and static security questionnaires no longer offer meaningful protection in a threat environment that changes daily.
“Financial institutions can move fast and stay secure if they rethink how they manage third-party risk,” he said. “That means shifting from static assessments to continuous visibility. AI can support that shift, but only if it’s used to highlight actual risk, not just automate old checklists.”
Dikbiyik also emphasized the need for banks to go beyond just internal self-reporting and engage in external scanning. Banks, he said, should demand tangible proof from vendors, such as third-party security scans, that show they’re not exposing sensitive infrastructure or expanding their attack surface unknowingly.
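One way to operationalise this shift from questionnaires to external evidence, as an added illustration that is not Black Kite’s code or scoring model: reconcile each vendor’s self-reported questionnaire answers against findings from an external scan, flag the exposure classes the vendor denied but the scan observed, and rate risk on the observed findings alone. Vendor names, questionnaire answers, scan findings and severity weights below are constructed sample data.

```python
"""Reconcile vendor questionnaire claims against external scan findings.

Added illustration (not Black Kite's product or code): the vendor names,
questionnaire answers, scan findings and weights are constructed samples.
"""
from dataclasses import dataclass, field

# Exposure classes the article calls out; the weights are an assumed scheme.
SEVERITY = {
    "rdp_exposed": 40,        # open remote desktop reachable from the internet
    "unpatched_service": 30,  # service version for which a patch is available
    "config_disclosure": 20,  # server config / internal details publicly readable
}


@dataclass
class Vendor:
    name: str
    claims: dict                                   # questionnaire: class -> bool
    findings: list = field(default_factory=list)   # external scan: class names


def score(vendor: Vendor) -> int:
    """Risk score from observed findings only; questionnaire answers add nothing."""
    return min(100, sum(SEVERITY.get(f, 0) for f in vendor.findings))


def discrepancies(vendor: Vendor) -> list:
    """Exposure classes the vendor denied on the questionnaire but the scan saw."""
    observed = set(vendor.findings)
    return sorted(c for c, claimed in vendor.claims.items()
                  if claimed is False and c in observed)


def triage(vendors, threshold=30):
    """(name, score, undisclosed exposures) for vendors needing follow-up,
    highest score first. Any discrepancy triggers follow-up on its own,
    because the self-report has been shown to be unreliable."""
    out = []
    for v in vendors:
        s, d = score(v), discrepancies(v)
        if s >= threshold or d:
            out.append((v.name, s, d))
    return sorted(out, key=lambda t: -t[1])


ALL_CLEAN = {"rdp_exposed": False, "unpatched_service": False, "config_disclosure": False}
SAMPLE = [  # constructed vendors
    Vendor("payroll-co", dict(ALL_CLEAN), ["rdp_exposed", "config_disclosure"]),
    Vendor("broker-inc", dict(ALL_CLEAN, unpatched_service=True), ["unpatched_service"]),
    Vendor("it-contractor", dict(ALL_CLEAN), []),
]

if __name__ == "__main__":
    for name, s, undisclosed in triage(SAMPLE):
        print(f"{name}: score={s} undisclosed={undisclosed}")
```

In the sample, payroll-co denied every exposure yet the scan observed two, so it is escalated regardless of threshold; broker-inc disclosed its patching gap honestly and is followed up only because its observed score meets the threshold.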
The Bottom Line
Negligence always carries a price. Banks have long paid little attention to vendor cybersecurity, and that neglect is now costing them as the ransomware landscape shifts toward exploiting those partners.
Black Kite’s report has clearly shown that third-party vendors remain a critical blind spot in the financial ecosystem. Threat actors know this and are already exploiting it. If banks want a more stable, secure environment, they’ll need to stop thinking in silos and start treating their entire vendor ecosystem as part of the defence front line.