Financial Sector Cybersecurity: How Do You Compare To Your Peers?

By Fortra's Digital Defense

Comparing and quantifying your cybersecurity posture against peer organizations in the financial sector provides valuable context for how your cybersecurity program performs relative to others in your industry. Digital Defense’s Insight peer comparison report in the Fortra Vulnerability Management (Fortra VM) platform provides actionable, detailed intelligence that gives your team a clear perspective on its effectiveness.

[Graphic: Making the grade]

Grading the Financial Industry

The primary security rating metric used in the Insight report is Security GPA®. It uses a 4.0, A-to-F grading scale, and, as with a grade point average in school, the higher your Security GPA, the better your security posture.

Security GPA is a weighted score based on asset criticality and on the number and severity level of active vulnerabilities. It reflects even small changes to your environment that other VM systems often miss.
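To make the idea of a criticality- and severity-weighted 4.0-scale score concrete, here is an added illustration; it is not Fortra's code, and Fortra does not publish the Security GPA formula. The severity weights, criticality multipliers, the "one critical on a high-criticality asset" normalisation, the sample inventory and the `Finding`/`security_gpa`/`letter_grade` names are all constructed assumptions for this example. The letter cut-offs follow the usual school convention, which agrees with the page's own pairings of 2.72 with B- and 3.37 with B+.

```python
from dataclasses import dataclass
from typing import Iterable, List

# Constructed severity weights (assumption, not Fortra's weighting).
SEVERITY_WEIGHT = {"medium": 1.0, "high": 3.0, "critical": 10.0}
# Constructed asset-criticality multipliers (assumption).
CRITICALITY_WEIGHT = {"low": 0.5, "medium": 1.0, "high": 2.0}
# Worst case per asset: one critical on a high-criticality asset. If every
# asset carried that much weighted risk the score would bottom out at 0.0.
MAX_RISK_PER_ASSET = SEVERITY_WEIGHT["critical"] * CRITICALITY_WEIGHT["high"]

# Common school letter cut-offs on a 4.0 scale (assumed, consistent with
# the page quoting 2.72 as B- and 3.37 as B+).
GRADE_CUTOFFS = [
    (4.0, "A"), (3.7, "A-"), (3.3, "B+"), (3.0, "B"), (2.7, "B-"),
    (2.3, "C+"), (2.0, "C"), (1.7, "C-"), (1.3, "D+"), (1.0, "D"),
]


@dataclass(frozen=True)
class Finding:
    """One active vulnerability on one asset (hypothetical record shape)."""
    asset: str
    criticality: str  # "low" | "medium" | "high"
    severity: str     # "medium" | "high" | "critical"


def weighted_risk(findings: Iterable[Finding]) -> float:
    """Sum severity weight x asset-criticality multiplier over active findings."""
    return sum(
        SEVERITY_WEIGHT[f.severity] * CRITICALITY_WEIGHT[f.criticality]
        for f in findings
    )


def security_gpa(findings: Iterable[Finding], asset_count: int) -> float:
    """Map weighted risk per asset onto 0.0..4.0; no active findings scores 4.0."""
    if asset_count <= 0:
        raise ValueError("asset_count must be positive")
    ratio = weighted_risk(findings) / (asset_count * MAX_RISK_PER_ASSET)
    return round(4.0 * max(0.0, 1.0 - ratio), 2)


def letter_grade(gpa: float) -> str:
    """Translate a 4.0-scale score into a letter grade."""
    for cutoff, letter in GRADE_CUTOFFS:
        if gpa >= cutoff:
            return letter
    return "F"


def remediate(findings: List[Finding], asset: str, severity: str) -> List[Finding]:
    """Return the finding list with one asset's findings of a severity closed."""
    return [f for f in findings if not (f.asset == asset and f.severity == severity)]


# Constructed sample: 25 scanned assets, four active findings.
SAMPLE_ASSET_COUNT = 25
SAMPLE = [
    Finding("web-01", "high", "critical"),   # 10 x 2.0 = 20.0
    Finding("web-01", "high", "high"),       #  3 x 2.0 =  6.0
    Finding("db-01", "high", "medium"),      #  1 x 2.0 =  2.0
    Finding("kiosk-03", "low", "high"),      #  3 x 0.5 =  1.5
]

if __name__ == "__main__":
    gpa = security_gpa(SAMPLE, SAMPLE_ASSET_COUNT)
    print(f"baseline: {gpa} ({letter_grade(gpa)})")
    # Closing the critical on the high-criticality web server moves the score
    # most; closing a single medium on db-01 still registers, which is the
    # "small changes show up" property the text describes.
    for asset, sev in (("web-01", "critical"), ("db-01", "medium")):
        after = security_gpa(remediate(SAMPLE, asset, sev), SAMPLE_ASSET_COUNT)
        print(f"after fixing {sev} on {asset}: {after} ({letter_grade(after)})")
```

Because the score is normalised per asset, the same four findings spread over a larger estate produce a higher GPA; that is why the page's peer comparisons are only meaningful when the comparison groups are scanning comparable inventories, which is the point of the vertical, size and revenue cohorts described later.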

We ran Insight reports on our bank, credit union, and financial services clients to gain insight into the threat and vulnerability preparedness across the financial sector.*

Comparing Cohorts

The chart below provides the 12-month average Security GPAs for internal and external scanning and compares these scores with the same period in the previous 12 months. For additional context, the Security GPAs for banks, credit unions, and financial services firms were averaged to calculate an overall financial industry GPA for internal and external vulnerability scanning.

[Chart: Frontline GPA banking industry comparison]

All financial verticals performed above the platform average Security GPA for both their internal (2.72 B-) and external (3.37 B+) vulnerability scanning and remediation efforts.**

Prioritization Pays Off

The bank and credit union Security GPAs for external scanning indicate that these two groups have made headway improving their external security posture by prioritizing high-impact vulnerabilities that put their organizations most at risk.

On the other hand, the financial services vertical’s internal GPA (0.88) is noticeably lower than the previous period’s (3.02). Many variables can drive a decreased Security GPA, especially as we account for the extensive network changes in the financial industry over the past several months. Situations that could be contributing to the lower internal GPA for financial services include:

  • A large deployment of hardware, software, or operating systems has triggered several high-level vulnerabilities that are not being addressed because organizations are going through a technology refresh.
  • Newly discovered vulnerabilities affecting applications specific to the financial services vertical.
  • Financial services customers may have a sizeable deployment of applications or operating systems that have recently reached end-of-life (EOL), triggering additional vulnerabilities.
  • The distribution of customers that identify as financial services in Fortra VM.*

Most notable in this industry comparison is that most of our financial clients’ year-over-year scores exceed platform averages, remain consistent, and improve during a time of significant technology changes across the industry. The data indicates that financial organizations are prioritizing vulnerabilities that have the most impact on their security posture and are putting security first by taking action on incidents identified through their VM program.

Peer Comparison Metrics in Insight

Insight compares your cybersecurity performance to your peers by vertical, organization size, or annual revenue. Peer comparison data presented in the Insight report for the financial industry includes:

Security GPA Breakdown by all Verticals

Compares internal and external Security GPAs broken out by all verticals represented in the Fortra VM platform.

Detailed Security GPA Trend Analysis

Provides a quick and easy way to see how well you are doing over time compared to your bank, credit union, or financial services peers.

Top 5 External & Internal Unauthenticated Vulnerabilities

The top 5 vulnerabilities are ranked by severity (medium, high, critical) and presented in a side-by-side comparison with your organization’s top 5 external and internal vulnerabilities.

Time to Fix External & Internal Vulnerabilities

Provides insight into the length of time your peers are taking to fix critical, high, and medium severity vulnerabilities compared to your efforts.

These metrics in the Insight report show your team which malware infections are targeting peer companies, providing greater insight into industry-specific threats and the security diligence standards of your financial sector peers.

Where Do You Stack Up?

Try Fortra VM to see how your organization compares to other financial institutions.

Start a 14-Day Free Trial

* In the Fortra VM platform, identifying an organization’s vertical is optional. This report reflects the anonymous data of all organizations that have identified their vertical as either bank, credit union, or financial services. This report does not include the anonymous data of Fortra VM customers that have not identified their organizational vertical, so some financial institutions using the platform may not be included in this data and are listed as ‘uncategorized’ in Insight.

**Source: Insight provides peer analysis of Active View trending and statistical data. This document presents findings as of Tuesday, Aug. 1, 2023. These sections provide a summary of findings that includes the Security GPA trend for a Demo Account as compared to its peers as well as a breakdown of all peer groups and their current Security GPAs. We calculated the Financial Industry Security GPA by averaging the banking, credit union, and financial services vertical segment Security GPAs reported in Fortra VM over the past 12 months.

About Digital Defense

Our SaaS platform supports Fortra Vulnerability Management, Web Application Scanning, and Active Threat Sweep that together provide:

  • Asset discovery and tracking
  • OS and web application risk assessment
  • Targeted malware threat assessment
  • Machine learning features that leverage threat intelligence
  • Agentless & agent-based scanning
  • Penetration testing for networks, mobile applications, and web applications
  • Compliance management (one of the world’s longest-tenured PCI Approved Scanning Vendors)

Our SaaS platform virtually eliminates the false positives associated with legacy vulnerability management solutions, while also automating the tracking of dynamic and transient assets and prioritizing results based on business criticality.

See Firsthand How VM Can Work For You

Request a customized demo and see which cybersecurity vulnerability management options your organization needs.

Get a Demo
