
Supply Chain Risks Exposed in Fintech Companies: Unveiling Alarming Breach Statistics and Vulnerabilities
A recent report by SecurityScorecard has shed light on the growing gap between strong internal controls and the external risks posed by supply chains. The report, titled "Defending the Financial Supply Chain: Strengths and Vulnerabilities in Top Fintech Companies", examined the cybersecurity posture of 250 fintech firms, revealing some alarming statistics.
According to the findings, a significant 41.8% of breaches affecting leading fintech companies came from third-party vendors. Additionally, fourth-party vulnerabilities contributed an extra 11.9% to this risk, which is notably more than double the global average. The report also pointed out that 18.4% of fintech companies have faced publicly acknowledged breaches, with 28.2% of these firms experiencing multiple incidents.
A closer look at breach origins shows that technology products and services were implicated in 63.9% of third-party breaches. Notably, file transfer software and cloud platforms were identified as frequent targets for compromise. The report underscored that weaknesses in Application Security and DNS Health were prevalent, with 46.4% of the analyzed companies scoring the lowest in application security.
One of the report's key insights emphasizes the integral role that fintech companies play in the global financial landscape. Vulnerabilities in any exposed vendor can dramatically impact critical financial infrastructure, leading to operational disruptions across payment systems and digital asset platforms.
Despite these vulnerabilities, the report did recognize that fintech companies exhibit a relatively stronger security posture compared to other industries, boasting a median security score of 90, with 55.6% achieving an ‘A’ rating.
In light of these findings, the SecurityScorecard STRIKE team proposed several key recommendations to bolster cybersecurity measures across the fintech sector:
- Enhance third- and fourth-party risk oversight: It is vital for fintech companies to categorize vendors based on risk.
This report serves as a crucial reminder of the intricate relationship between internal security measures and external supply chain vulnerabilities, emphasizing the need for vigilant oversight and continuous improvement in cybersecurity practices within the fintech industry.