Many financial firms have high-severity software security flaws over a year old

New research from Veracode has revealed over three-quarters (76%) of financial institutions have ‘Security debt’, which it defines as any flaw that has gone unfixed for longer than a year – and shockingly, 50% have ‘critical security debt’ from high severity flaws.

The financial sector is facing a rising number of cyberattacks, and critical infrastructure is proving to be a top target for threat actors.

The average cost of a data breach in the financial sector has hit a staggering $6.08 million, Veracode says – so any security flaw could be costly.

AI driven attacks

Of all applications in the industry, 40% have security debt, but just 5.5% are flaw-free, so the clock is ticking. The flaws primarily come from financial organizations own code (84%), however the critical flaws overwhelmingly come from third party dependencies (78%).

Whilst security teams do fix half of the first-party flaws within nine months, the flaws stick around longer in third party code, only being fixed after an average of 13 months. Of those, only 44% of first party flaws turn into security debt compared to 52% from third parties.

“The high rate of security debt in the financial sector poses significant risks to organizations and their customers if not addressed quickly,” said Chris Wysopal, Chief Security Evangelist at Veracode.

“As AI-driven cyber-attacks continue to grow in strength and numbers, and organizations struggle to keep up with evolving regulations due to existing security debt, the current landscape allows threat actors to exploit vulnerabilities at an alarming, unprecedented rate.”

This trend is one we’ve seen repeated across the board, with AI changing the cybersecurity landscape on both sides. Cybercriminals show no signs of relenting, so even minor flaws could end up costing your organization millions.

Take a look at the best antivirus software around todayThe cyber landscape in 2024: AI, cyber attacks and disinformation Check out our pick for best firewall software

Related posts

Sony CEO says the company started working on the PS5 Pro well before the PS5 launch, “it was another five-year project for us”

Samsung One UI 7 beta tipped to land this month – and a new leak has revealed most of its features

Top online animation tool LottieFiles hacked to target victim crypto wallets

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More