FINANCIAL SERVICES CYBERSECURITY
Your guide to the financial services threat landscape
Banks and financial institutions hold some of the largest collections of sensitive, private, and valuable
information in the world, not to mention the money that banks hold. Everything from personally
identifiable information (PII) to check routing data and global stock and investment algorithms — these
records have a long shelf life, and cyber attackers can use them to conduct identity theft and fraud. The
loss of this data and intellectual property could have a major effect on a bank’s brand reputation and
customer loyalty.
• Cyberattacks cost financial services firms more to address than firms in any other industry at $18
million per firm (vs. $12 million for firms across industries).
• Financial services firms also fall victim to cybersecurity attacks 300 times more frequently than
businesses in other industries.
• While the typical American business is attacked 4 million times per year, the typical American
financial services firm is attacked a staggering 1 billion times per year.
The financial services market has been one of the most heavily targeted industries for years. As financial
organizations continue developing, deploying and managing highly-connected and distributed products,
combating external threats continues to be a major challenge.
• As attack surfaces become more complex, attackers are upping their intensity and resourcefulness
to capitalize on security vulnerabilities.
• Hiring and training internal resources is more and more difficult as the cybersecurity job
deficiency grows.
• Traditional security methods are falling short, as evidenced by major data breaches amongst financial
services and banking companies in the past few years.
By recognizing that hackers will find vulnerabilities and exploit them, leaders can improve the way they
design and deliver services, manage risks, and train their teams.
At 95%, Bugcrowd offers the best signal-to-noise ratio in the industry.
Financial services programs see the majority, nearly 70%, of submissions against website targets.
Vulnerability Payouts
Average Payouts
The average payout for a critical vulnerability (P1) in Q1 2019 is $3,184.62, which is higher than any other
year combined. As the year goes by, we’ll see that number slightly decrease with more vulnerabilities
reported. In 2018, the average payout for a P1 was $1,653.83.
Over the last few years, crowdsourced cybersecurity has seen increased adoption in financial services.
Security operations centers (SOCs) of financial industries are seeing value in working with the ethical
hacking community to actively find and remediate vulnerabilities within their respective infrastructures
and systems. The thought is that the sooner you can locate the sign of a vulnerability in your system,
the sooner you can combat it. While they know it’s necessary, not all banks or financial services
organizations have the resources or can find the talent to perform in-house testing.
Crowdsourced security programs provide smaller security teams access to hundreds of thousands of
the best ethical hackers in the world, and allow large security teams to focus on what matters most, like
serving customers and managing funds. With the rise of online and mobile banking, cryptocurrency,
and the legal liability and brand reputation implications that come from a breach, Bugcrowd is here to
help, uncovering complex, creative vulnerabilities that a standard vulnerability scanner or traditional
pen test cannot.
The evolving threat landscape and the ever-widening security skills gap are giving rise to community-based
programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational
element of any organization’s cybersecurity program.
NEXT GEN PEN TESTS ARE THE FUTURE
93% of organizations see benefit in crowdsourced security solutions for pen testing. The addition of next gen pen testing leads to better outcomes for businesses, including faster remediation of severe vulnerabilities and lower average testing cost.
MEET COMPLIANCE REQUIREMENTS
Crowdsourced programs aim to satisfy requirements from auditors and reviewers with security standards in mind. Align cybersecurity programs with best practices, as defined by the US Government, NIST, DOJ, FDA, and others.
Data pulled from Enterprise Strategy Group research "Security Leadership Study – Trends in Application Security," March 2019
• 71% of surveyed financial services organizations solved challenges with a lack of awareness of
application security issues with Bugcrowd.
• 86% of surveyed financial services organizations report Crowdsourced Security Testing as their top
application security tool.
• 33% of surveyed financial services organizations saved $50,000-$100,000 per month with
Bugcrowd versus traditional testing methods.
• 34% of surveyed financial services organizations saved 75-105 hours per month with Bugcrowd
versus traditional testing methods.
Impact
Financial institutions must assume the risk. Crowdsourced security programs are fundamentally changing
the way financial services organizations approach the security of the Internet — moving from the realm
of novelty towards best practice.
From NIST to the Federal IT Modernization Report, and the Data Security and Breach Notification Act,
having a crowdsourced security program in place is quickly becoming an adhered-to standard for most
industries. State regulations mandate annual penetration tests and bi-annual vulnerability assessments.
While this is good, continuous assessments are best. Protecting customers’ personal assets and data on
a constant basis should be a top priority — consumers today demand it.
Protect valuable assets and maintain trust by more quickly detecting unauthorized transactions, fraud, or
money laundering. Bugcrowd helps you identify the risks before cyber thieves can exploit them, stealing
money and valuable assets.