SecurityScorecard published its annual report, which analyzes the security level of financial institutions and lists their vulnerable areas. The 2016 Financial Cybersecurity Report covers 7,111 global financial institutions, including investment banks, commercial banks, asset management firms and other financial institutions.
Some of the key results from the report are listed below:
- 75% of the top 20 commercial banks in the U.S. (ranked by revenue) were found to be infected by a form of malware.
- Bank of America is the only one of the top 10 largest banks to receive an overall grade of “A” for security.
- The US Commercial bank has the lowest security rating. The institution is in the top 10 of the largest financial service organizations in the U.S. (ranked by revenue).
- 95% of the top 20 U.S. commercial banks (ranked by revenue) were given a Network Security grade of “C” or below.
- Almost 20% of the financial institutions examined were found to be using an email service provider which has significant security vulnerabilities.
- The top-ranked investment banks in terms of IT security include Goldman Sachs, BNP Paribas Fortis, Banco Popolare and Exchange Bank.
The evaluation and rankings were made by gathering and systematizing data from SecurityScorecard’s security rating platform. Each U.S. financial institution was analyzed both individually and comparatively. The research covered each organization’s own level of protection and its reaction time in comparison to its industry peers.
The report includes a separate analysis of three financial institutions that suffered data breaches in recent memory. The specific security ratings of Scottrade, Charles Schwab and Bangladesh Bank were broken down. This analysis is part of a holistic view of the financial industry’s overall vulnerability to security attacks.
SecurityScorecard also concluded that some of the greatest risks result from enlisting the services of third-party traders and partners.
Sam Kassoumeh, COO and co-founder of SecurityScorecard, shared his views on the future of banking security. “As banks continue to grow through acquisition, legacy IT systems and their vulnerabilities are also acquired. In many cases, they remain in place for years. Despite major financial institutions spending billions of dollars on cybersecurity annually, this report suggests the financial industry may not be spending those dollars as effectively as possible. A greater level of protection is required, which should be a concern for their customers and partners.” Mr. Kassoumeh has over 10 years of experience in the field of cyber security.
Dr. Luis Vargas, senior data scientist at SecurityScorecard, gave his analysis of the current situation in the sector. “Financial companies rely on data exchanges with other vendors and may have limited visibility into the cyber risk associated with these transactions. As cybercriminals find new ways to attack, breach, and exploit organizations, threat patterns such as phishing, spear-phishing, and social engineering evolve and become more sophisticated. Financial organizations need solutions that assess vulnerabilities continuously and have the ability to see risks and vulnerabilities before a breach takes place.”