Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Financial Services: 2023 Insights From the Ponemon Institute

Dark purple background with teal letters and image of report with bar charts in teal.


In our latest report, The Offensive Security Blueprint for Financial Services, we share invaluable insights into offensive security trends in the financial services (FinServ) sector with comprehensive analysis derived from the esteemed Ponemon Institute’s 2023 State of Offensive Security Report. Based on responses from 133 reputable FinServ organizations, representing 20% of the total sample, this industry cut offers a wealth of knowledge.

Our report offers a two-fold purpose:

  1. Provide security leaders in the FinServ industry with a detailed understanding of the current offensive security landscape
  2. Emphasize crucial factors that should be considered when devising effective security strategies

Don't miss out on this authoritative resource. Here is a sneak peek to see why FinServ organizations are at the forefront of offensive security and an opportunity to learn from their exceptional strategies.

Unleashing the Power of Offensive Security

FinServ organizations are pioneers in offensive security, leading the way in application security, attack surface management (ASM) technologies, cloud security, and network security. They also excel in threat intelligence sharing.

What sets FinServ organizations apart is their unique approach to security. Instead of treating it as a competitive advantage, they embrace it as a shared responsibility. Through platforms like FS-ISAC, they openly exchange innovations and collaborate on security practices, including Red Team approaches and methodologies. This collaborative mindset fortifies the security posture of the entire industry.

Impressively, a whopping 45% of FinServ organizations proclaim their security strategy as "fully mature," as revealed in Figure 1. This underscores the industry's unwavering commitment to compliance and safeguarding monetary assets. It firmly establishes FinServ organizations as global leaders in security programs.

Figure 1. What statement best describes the maturity of your organization’s security strategy? bar chart with results.

FIGURE 1 - What statement best describes the maturity of your organization's security strategy?

The Importance of Third-Party Security Services

When it comes to security, FinServ organizations understand the value of utilizing third-party providers. In fact, a staggering 73% of these organizations rely on these external experts to safeguard their operations. This reliance is driven by two key factors: the strict regulatory landscape that FinServ organizations face (i.e., third-party attestation) and the difficulties in hiring and retaining skilled security professionals.

As shown in Figure 2, 32% of organizations exclusively rely on these external experts, while an additional 41% combine their efforts with internal resources.

This strategic decision allows FinServ organizations to benefit from the expertise and experience of established security providers, while also meeting the demanding regulatory requirements they face. By investing in third-party security services, these organizations can confidently navigate the complex security landscape and focus on their core operations.

In conclusion, the reliance on third-party security services has proven to be an attractive and necessary investment for FinServ organizations. Empowered by the expertise of external providers, these organizations can effectively protect themselves and their clients, ensuring a secure and trusted environment for financial transactions.

Figure 2. What is your organization’s approach to offensive security testing? Bar chart with results.

FIGURE 2 - What is your organization's approach to offensive security testing?

Prioritizing Offensive Security Practices

When it comes to implementing offensive security practices, FinServ organizations are setting the bar high. In Figure 3, the data clearly indicates that they outshine other industries in their adoption rate. With a laser focus on protecting their assets, FinServ companies prioritize the usage of application security, ASM technology, cloud security, and network testing. By embracing offensive security, they stay one step ahead of potential threats and ensure their critical data remains secure.

Figure 3. Does your organization’s offensive security strategy include any of these services? Only ‘Yes’ responses are represented.

FIGURE 3 - Does your organization's offensive security strategy include any of these services? Only 'Yes' responses are represented. 

Meeting Offensive Security Objectives

Compliance and regulatory requirements are paramount in offensive security testing for FinServ organizations, accounting for 45% of their objectives. But that's not all. As shown in Figure 4, these organizations also prioritize bolstering incident response readiness, gaining visibility into attack surface exposures, and safeguarding their brand reputation. By focusing on compliance, these organizations address the critical need to uphold industry regulations while protecting customer data and financial assets.

Figure 4.  Which of the following goals or objectives are you trying to achieve with offensive security testing? Three choices permitted.

FIGURE 4 - Which of the following goals or objectives are you trying to achieve with offensive security testing? Three choices permitted. 

Winning the Race Against Top Cyber Threats

FinServ organizations are placing utmost importance on addressing vulnerabilities in cloud infrastructure, making it their number one cyber threat. This drives their offensive security investments to a significant rate of 45%. Following closely behind is the prevention of DDoS attacks (36%), and the mitigation of man-in-the-middle attacks (28%), as seen in Figure 5. This highlights the industry’s growing reliance on cloud technology, emphasizing the criticality of safeguarding valuable financial data stored in the cloud. Securing the cloud is no longer a mere option; it is an imperative for the financial sector.

Figure 5. What types of cyber threats are driving your offensive security investments? Three choices permitted.

FIGURE 5 - What types of cyber threats are driving your offensive security investments? Three choices permitted. 


Offensive security trends in the FinServ sector should not be taken lightly – organizations must constantly strive to stay ahead of modern threats and strengthen defensive tactics.

The 2023 State of Offensive Security Report from Ponemon Institute serves as a key resource providing FinServ stakeholders with crucial information on modern security strategies and a guidepost on how to appropriately apply them.

Download the FinServ industry cut to see the full comprehensive analysis of why FinServ organizations are advancing their offensive security capabilities and how you can apply these tactics to your own organization.

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.

Beth Robinson BF Headshot

About the author, Beth Robinson

Senior Content Writer

Beth Robinson is a Bishop Fox Senior Content Writer alumna. She joined Bishop Fox with nearly 20 years of experience focused on technical intelligence issues.

More by Beth

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.