SecurityScorecard Threat Intel Report: 97% of Leading U.S. Banks Impacted by Third-Party Data Breaches in 2024

News > Business News

Carbonatix Pre-Player Loader

Audio By Carbonatix

9:00 AM on Thursday, December 12, 2024

The Associated Press

NEW YORK--(BUSINESS WIRE)--Dec 12, 2024--

SecurityScorecard today released an in-depth analysis revealing that 97% of the top 100 U.S. banks experienced a third-party data breach in the past year, exposing significant vulnerabilities in banking supply chains.

As banks increasingly rely on third-party vendors for core functions, their exposure to supply chain vulnerabilities grows. Using the largest proprietary risk and threat intelligence dataset, SecurityScorecard’s experts analyzed how third-party breaches impact the banking sector. With these breaches posing serious risks, fully understanding external dependencies is essential for reducing exposure and maintaining resilience.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, said:

“Nearly all major U.S. banks faced third-party breaches, exposing serious weaknesses across our interconnected digital ecosystem. The recent CrowdStrike incident underscored this fragility, showing how issues with just one vendor — even without a breach — can create widespread exposure and risk. For banks, these third-party vulnerabilities mean one compromised vendor could destabilize the entire financial system.”

Key findings

  • 97% of the largest U.S. banks reported third-party breaches, even though only 6% of vendors were compromised, showing the extensive reach of these incidents.
  • Nearly all (97%) of these banks also suffered fourth-party breaches, traced back to just 2% of vendors.
  • Each of the top 10 U.S. banks faced a third-party breach, underscoring risk across the industry.

Cybersecurity recommendations for the financial industry

Based on this analysis, the SecurityScorecard STRIKE team also offers actionable insights for enhancing cybersecurity in the banking sector:

  • Continuously monitor external attack surfaces: Implement automated scanning to detect IT infrastructure and cybersecurity risks across vendor and partner environments.
  • Identify single points of failure: Map the critical business processes and technologies to identify any single points of failure. Create a watch list with these vendors.
  • Automatically detect new vendors: Passively monitor vendors’ IT deployments to identify and resolve hidden supply chain risks.

Methodology

SecurityScorecard researchers analyzed 100 top U.S. banks by market capitalization, assessing over 9,000 domains, including third- and fourth-party vendors.

SecurityScorecard gathers significant amounts of non-intrusive data on the cybersecurity performance of companies worldwide. Using this data, SecurityScorecard calculates an overall score, graded A through F, based on ten factors that are predictive of a security breach.

Additional resources

About STRIKE

The STRIKE threat intelligence team combines unique threat intelligence, incident response experience, and supply chain cyber risk expertise. Backed by SecurityScorecard technology, STRIKE is a strategic advisor to CISOs worldwide, empowering the entire digital ecosystem to identify, measure, and resolve cyber risk.

About SecurityScorecard

Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.

Founded in 2014 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.

SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

View source version on businesswire.com:https://www.businesswire.com/news/home/20241212809175/en/

CONTACT: Media Contact

Allison Knight

10Fold for SecurityScorecard

[email protected]

KEYWORD: NEW YORK UNITED STATES NORTH AMERICA

INDUSTRY KEYWORD: PAYMENTS ONLINE RETAIL DATA MANAGEMENT RETAIL SECURITY TECHNOLOGY INTERNET

SOURCE: SecurityScorecard

Copyright Business Wire 2024.

PUB: 12/12/2024 09:00 AM/DISC: 12/12/2024 09:03 AM

http://www.businesswire.com/news/home/20241212809175/en

This content is used here with permission. To view the original visit: https://www.businesswire.com/news/home/20241212809175/en/
 

You might also be interested in:

Salem News Channel Today

Sponsored Links

On Air & Up Next

  • Rich Valdés America at Night
    9:00PM - 12:00AM
     
    It’s new talk for a new generation, introducing Rich Valdés America at Night!   >>
     
  • The Charlie Kirk Show
    12:00AM - 1:30AM
     
    "The Charlie Kirk Show" can be heard weekdays across Salem Radio Network and watched on The Salem News Channel.
     
  • The Scott Jennings Show
    2:00AM - 3:00AM
     
    Jennings is battle-tested on cable news, a veteran of four presidential   >>
     
  • The Lars Larson Show
    3:00AM - 6:00AM
     
    The Lars Larson Show covers the latest news across this great land of ours.
     

See the Full Program Guide