Security Scorecard

America’s Financial Industry Highly Susceptible to Data Breaches

Posted on August 2nd, 2016

NEW YORK, Aug. 2, 2016 /PRNewswire/ -- SecurityScorecard, the most accurate cybersecurity rating and continuous risk monitoring platform, today released its 2016 Financial Cybersecurity Report - a comprehensive analysis that exposes cybersecurity vulnerabilities across 7,111 financial institutions including investment banks, asset management firms, and major commercial banks around the world. The conclusions and rankings featured in the report are based on data derived from SecurityScorecard's patented security rating platform.

Among the report's findings are the following observations:

  • The U.S. commercial bank with the lowest security posture is one of the top 10 largest financial service organizations in the U.S. (by revenue).
  • Only one of the top 10 largest banks, Bank of America, received an overall 'A' grade.
  • 95 percent of the top 20 U.S. commercial banks (by revenue) have a Network Security grade of 'C' or below.
  • 75 percent of the top 20 U.S. commercial banks (by revenue) are infected with malware, and a number of malware families were discovered within these banks, including Ponyloader and Vertexnet.
  • Nearly 1 out of 5 financial institutions use an email service provider with severe security vulnerabilities.
  • The best performing Investment Banks in IT Security include Goldman Sachs, Exchange Bank, BNP Paribas Fortis and Banco Popolare.

Each U.S. financial organization was evaluated based on its overall security hygiene and security reaction time compared to its industry peers. SecurityScorecard also analyzed the specific security ratings of Scottrade, Bangladesh Bank, and Charles Schwab, all of which fell victim to data breaches recently. The analysis provides details on the data breaches as part of a holistic view on the financial industry's vulnerability to attacks.

Additionally, SecurityScorecard found that third-party vendors and partners that provide essential services to the financial services industry also pose some of the greatest security risks.

"As banks continue to grow through acquisition, legacy IT systems and their vulnerabilities are also acquired. In many cases, they remain in place for years," said Sam Kassoumeh, a cybersecurity expert with over 10 years' experience and COO and Co­-Founder of SecurityScorecard.

"Despite major financial institutions spending billions of dollars on cybersecurity annually, this report suggests the financial industry may not be spending those dollars as effectively as possible. A greater level of protection is required, which should be a concern for their customers and partners."

"Financial companies rely on data exchanges with other vendors and may have limited visibility into the cyber risk associated with these transactions. As cybercriminals find new ways to attack, breach, and exploit organizations, threat patterns such as phishing, spear-phishing, and social engineering evolve and become more sophisticated. Financial organizations need solutions that assess vulnerabilities continuously and have the ability to see risks and vulnerabilities before a breach takes place," said Dr. Luis Vargas, Sr. Data Scientist at SecurityScorecard.

For more information about these findings, download the full report. To receive a free SecurityScorecard assessment and consultation for your business, visit

About SecurityScorecard
SecurityScorecard provides the most accurate rating of security risk for any organization worldwide. The proprietary cloud platform helps enterprises gain operational command of the security posture for themselves and across all of their partners and vendors. The platform offers a breadth and depth of critical data points not available from any other service provider and in a completely self-service and automated tool. The platform provides continuous, non-intrusive monitoring for any organization including third and fourth parties. Security posture is assessed and measured non-intrusively across a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering and Passwords Exposed.

Media Contact: North 6th Agency, Inc.
212-334-9753, [email protected]
