NEW YORK - Aug 9, 2021 - SecurityScorecard, the global leader in cybersecurity ratings, today released new research findings into the cybersecurity postures of the 2021 Forbes Global 2000. Using SecurityScorecard’s exclusive 10-factor score analysis, the report compared the performance of the financial sector versus non-financial companies. The results show a vast disparity between the state of financial services organizations and that of non-finance firms, yet also reveal a number of vulnerabilities that still need to be addressed.
The report, 2021 Forbes Global 2000 Financial Sector Cybersecurity Health Check, examines the state of firms immediately after two major ransomware attacks, and the publication of several known CVE vulnerabilities. Some of the key findings include:
- The finance industry persistently and consistently scored better than non-finance firms for internet security. Overall, 80% of finance institutions (banking, diversified financials and insurance) in the Forbes Global 2000 scored a “B” or better, compared to 63% of non-finance organizations.
- The spread of security scores is narrower for the finance industry than for the non-finance industry, but there are still financial institutions that rank poorly on overall scores and on individual security factors.
- Across most key security factors, the finance industry scores better than non-finance, most notably in patching cadence. Importantly, finance firms have 10x fewer high-severity CVEs on their systems than do non-finance companies, suggesting finance firms are particularly adept at software patching.
“The finance industry understands that they are a prime target of attacks motivated by profit. Today, the sheer volume of financial transactions and high value corporate assets makes the financial industry a more lucrative target than ever before,” says Alexander Heid, Chief Research and Development Officer, SecurityScorecard. “However, the most recent ransomware events prove that nobody is immune to cyberattacks and extortion. While financial services organizations are faster in patching vulnerabilities than non-industry peers - the use of legacy systems and applications with known vulnerabilities is still an immediate threat that must be addressed. Every organization needs to be aware of their current cybersecurity exposure in order to implement effective mitigations as opposed to incident remediation.”
With the ability to continuously monitor and scan billions of signals every week, SecurityScorecard is the global industry leader in cybersecurity ratings. The company collects and analyzes global threat signals that allow organizations to have instant visibility into the security posture of vendors and business partners as well as the capability to do a self-assessment of their own security posture. The technology continuously monitors millions of companies to instantly deliver an easy-to-understand A-F rating.
To download a copy of the report, visit: https://securityscorecard.com/resources/2021-forbes-global-2000-financial-sector-cybersecurity-health-check
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 10 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 18,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.