Financial sector faces third-party vendor cyber security gaps
A new report by Black Kite has found that the majority of third-party vendors servicing the financial sector exhibit significant weaknesses in managing sensitive information, posing notable risks to financial institutions.
The research, detailed in the 2025 State of Financial Services: Hidden Dangers in the Vendor Ecosystem, focused on cyber threats affecting banks and other financial organisations, highlighting the vulnerabilities present in the broader vendor ecosystem.
Third-party risk concerns
"Our research found that while direct attacks on the financial industry appear to be decreasing, this sector is far from safe. A critical area that must be addressed is third-party risk. We uncovered many weaknesses across vendor companies. The reality is that they just do not have the same robust defenses and regulatory obligations as the financial industry, and when these vendors are breached, the impact can be widespread and significant," said Ferhat Dikbiyik, Chief Research and Intelligence Officer, Black Kite.
The report's analysis centred on 140 vendors whose client base included at least 10% financial sector customers, regardless of company size. This targeted group was evaluated using intelligence collected from early 2023 to mid-2025.
According to the findings, 92% of third-party vendors received a C, D, or F score in information disclosure. This indicates systematic issues across the supply chain in managing sensitive data, creating indirect pathways for attackers even when financial institutions themselves are well protected.
Decline in direct breaches
Successful ransomware attacks directly targeting financial institutions have declined over the past two years, with 191 reported victims in 2023, 156 in 2024, and 55 as of mid-2025. The report attributes this decline both to strengthened cyber defences within the sector and to recent shifts in the cybercriminal ecosystem.
The 2025 Ransomware Report from Black Kite points to the dismantling of well-resourced ransomware groups such as LockBit and AlphV as a key factor in this reduction. With the fragmentation of these groups, the threat landscape is now populated with less sophisticated actors and Ransomware-as-a-Service (RaaS) offerings, broadening access to attack tools among a wider range of individuals.
More than a quarter (26.6%) of ransomware actors targeting finance are attributed to emerging or short-lived groups, further reinforcing a trend of increased fragmentation and unpredictability in cyber threats to financial institutions.
Persistent supply chain vulnerabilities
The research found that attackers are increasingly focusing on exploiting vulnerabilities in the supply chain, primarily through third-party vendors such as external service providers and software suppliers. Black Kite reported that 65% of vendors did not maintain current patch levels, exposing financial firms to risks from unpatched vulnerabilities, including potentially serious zero-day exploits in legacy systems.
The existence of outdated systems and credential exposures remains a perennial challenge. Of the 140 vendors examined, 31 were identified as having at least one critical vulnerability, defined by a CVSS score of 8 or above. Furthermore, 15 vendors exhibited extremely high-risk issues with scores exceeding 9. Ninety vendors were flagged as high risk, with 35 specifically tagged for known exploited vulnerabilities (KEV).
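The vendor categories above (in-scope vendors with at least 10% financial-sector clients, critical findings at CVSS 8 or above, extreme findings above 9, KEV-tagged findings, and stale patching) can be applied to an institution's own vendor inventory. The following is an added illustration, not Black Kite's methodology or code: it triages a constructed list of vendor findings against a placeholder KEV-style catalogue. All vendor names, CVE identifiers, scores, dates, and the 30-day patch grace window are assumptions chosen for the example.

```python
"""Vendor vulnerability triage using the report's thresholds (added example).

Buckets each in-scope vendor (>= 10% financial-sector clients) by:
  critical       - an unpatched finding with CVSS >= 8
  extreme        - an unpatched finding with CVSS > 9
  kev            - an unpatched finding listed in a KEV-style catalogue
  stale_patching - a vendor fix has been available longer than the grace window
All data below is constructed; CVE identifiers are placeholders, not real CVEs.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set

CRITICAL_CVSS = 8.0       # report's "critical" threshold (CVSS 8 or above)
EXTREME_CVSS = 9.0        # report's "extremely high-risk" threshold (above 9)
MIN_FIN_SHARE = 0.10      # report's in-scope rule: at least 10% financial clients
PATCH_GRACE_DAYS = 30     # assumed policy window for applying an available fix


@dataclass
class Finding:
    cve: str
    cvss: float
    fix_released: Optional[date]   # None means the vendor has no fix yet
    patched: bool


@dataclass
class Vendor:
    name: str
    fin_client_share: float        # fraction of the vendor's clients in finance
    findings: List[Finding] = field(default_factory=list)


def triage(vendors: List[Vendor], kev: Set[str], today: date) -> Dict[str, List[str]]:
    """Return a mapping of bucket name to sorted vendor names."""
    buckets: Dict[str, List[str]] = {
        "in_scope": [], "critical": [], "extreme": [], "kev": [], "stale_patching": []
    }
    for v in vendors:
        if v.fin_client_share < MIN_FIN_SHARE:
            continue                      # outside the report's selection rule
        buckets["in_scope"].append(v.name)
        open_findings = [f for f in v.findings if not f.patched]
        if any(f.cvss >= CRITICAL_CVSS for f in open_findings):
            buckets["critical"].append(v.name)
        if any(f.cvss > EXTREME_CVSS for f in open_findings):
            buckets["extreme"].append(v.name)
        if any(f.cve in kev for f in open_findings):
            buckets["kev"].append(v.name)
        if any(f.fix_released is not None
               and (today - f.fix_released).days > PATCH_GRACE_DAYS
               for f in open_findings):
            buckets["stale_patching"].append(v.name)
    return {k: sorted(names) for k, names in buckets.items()}


def bucket_rates(buckets: Dict[str, List[str]]) -> Dict[str, float]:
    """Share of in-scope vendors falling in each bucket (0.0 if none in scope)."""
    n = len(buckets["in_scope"])
    return {k: (len(v) / n if n else 0.0) for k, v in buckets.items() if k != "in_scope"}


# Constructed sample data: placeholder vendors, placeholder CVE ids, placeholder KEV list.
SAMPLE_KEV = {"CVE-0000-1111", "CVE-0000-3333"}
SAMPLE_VENDORS = [
    Vendor("Vendor A", 0.40, [Finding("CVE-0000-1111", 9.8, date(2025, 3, 1), False)]),
    Vendor("Vendor B", 0.25, [Finding("CVE-0000-2222", 8.1, date(2025, 6, 20), False)]),
    Vendor("Vendor C", 0.15, [Finding("CVE-0000-3333", 7.5, None, False)]),
    Vendor("Vendor D", 0.05, [Finding("CVE-0000-1111", 9.8, date(2025, 3, 1), False)]),
    Vendor("Vendor E", 0.50, [Finding("CVE-0000-4444", 9.1, date(2025, 1, 15), True)]),
]
SAMPLE_TODAY = date(2025, 6, 30)


def run_demo() -> Dict[str, List[str]]:
    return triage(SAMPLE_VENDORS, SAMPLE_KEV, SAMPLE_TODAY)


if __name__ == "__main__":
    result = run_demo()
    for bucket, names in result.items():
        print(f"{bucket:15s} {names}")
    for bucket, rate in bucket_rates(result).items():
        print(f"{bucket:15s} {rate:.0%} of in-scope vendors")
```

Vendor D is excluded by the 10% rule despite carrying the worst finding, and Vendor E drops out of every risk bucket because its finding is patched; Vendor C has a sub-critical score but is still flagged because its finding sits in the KEV-style list. Only unpatched findings count, which is the distinction between a vendor that merely has a CVE and one that is actually exposed.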
Impact of vendor compromise
Vulnerabilities in vendor systems can lead to not only cyber attacks but also operational disruptions. An example cited from late 2024 involved the ransomware group Cl0p, which targeted organisations using unpatched Cleo MFT products. Cl0p listed 66 affected companies on its dark web site, though researchers believe the true number of victims was in the hundreds. The incident affected various sectors linked to financial supply chains, causing shipment and inventory delays for retailers and production downtime for manufacturers due to compromised integrations.
Risk mitigation strategies
The report concludes that direct cyber attacks on financial institutions may be declining, but the sector remains exposed to indirect risks through third-party relationships. Black Kite recommends increased vigilance and a shift towards a proactive, intelligence-led approach to managing vendor risk across the financial services supply chain. Institutions are urged to examine vendor security practices and ensure regular assessments to address the evolving nature of cyber threats.