Dive Brief:
- A review and ranking of the security postures of thousands of global financial services companies found 95% of the top 20 U.S. commercial banks by revenue have a network security grade of C or below.
- SecurityScorecard’s 2016 Financial Cybersecurity Report also found 75% of the top 20 U.S. commercial banks by revenue are infected with malware.
- But financial services is still one of the top-performing sectors for security and has the fourth-highest security rating across industries. Information services, technology and construction are the three highest-rated sectors.
Dive Insight:
U.S. financial organizations were evaluated on their overall security hygiene and security reaction time, according to SecurityScorecard. The organization ranked the security postures of more than 7,000 global financial services companies, including investment banks, asset management firms and major commercial banks, and found that many face "significant security vulnerabilities," according to the announcement.
Though it declined to name names, SecurityScorecard found the U.S. commercial bank with the worst security score is one of the top 10 financial services organizations in the U.S. Only one of the top 10 largest banks, Bank of America, received an A grade. Goldman Sachs, Exchange Bank, BNP Paribas Fortis and Banco Popolare were among the best performing investment banks, according to the report.
SecurityScorecard also found third parties that provide services to the financial services industry present some of the greatest security risks.
"Financial companies rely on data exchanges with other vendors and may have limited visibility into the cyber risk associated with these transactions," said Dr. Luis Vargas, Sr. Data Scientist at SecurityScorecard.
The report comes at a time of heightened cybersecurity concerns at financial institutions worldwide.
A May survey from Vormetric found 90% of IT security pros in financial services feel vulnerable to a data breach, and 44% have already experienced one. In February, hackers stole $81 million from a Bangladesh central bank. Since then, banks have been looking at their standards and protocols and evaluating how they use technology in an effort to avoid another cyber heist.