
97% of Top U.S. Banks Exposed to Third-Party Data Breaches in 2024: SecurityScorecard Report

The reliance on third-party vendors in the U.S. banking industry has left 97% of the largest banks vulnerable to data breaches in 2024, according to a new report from SecurityScorecard. This report underscores the escalating risks within banking supply chains and the critical need for enhanced cybersecurity measures.


Banking Supply Chain Vulnerabilities on the Rise

The report highlights the growing interconnection of the digital ecosystem in the financial sector. Banks increasingly depend on third-party vendors for essential services, which amplifies exposure to cybersecurity threats.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, noted:

“Nearly all major U.S. banks faced third-party breaches, exposing serious weaknesses across our interconnected digital ecosystem. The recent CrowdStrike incident showed how even a single vendor issue — without a direct breach — can create widespread risk. One compromised vendor could destabilize the entire financial system.”


Key Findings from the Report

  1. Widespread Third-Party Breaches
    • 97% of the top 100 U.S. banks reported third-party breaches.
    • Only 6% of vendors were compromised, showing how widely a breach at a single vendor can spread.
  2. Fourth-Party Risks
    • 97% of banks also experienced fourth-party breaches, with the vulnerabilities traced back to just 2% of their vendors.
  3. Industry-Wide Challenges
    • Each of the top 10 U.S. banks encountered third-party breaches, signaling a systemic issue across the industry.

Recommendations for Strengthening Cybersecurity in Banking

The SecurityScorecard STRIKE team provided actionable insights to mitigate these risks:

  1. Monitor External Attack Surfaces Continuously
    • Use automated scanning tools to identify vulnerabilities across vendor and partner environments.
  2. Map and Identify Single Points of Failure
    • Develop a detailed map of critical business processes and technologies to pinpoint single points of failure.
    • Create a watchlist for vendors that pose significant risks.
  3. Detect New Vendors Automatically
    • Passively monitor IT deployments of vendors to identify hidden risks in the supply chain.
  4. Enhance Incident Response Capabilities
    • Implement a robust incident response plan to quickly mitigate damage from potential breaches.

Methodology

SecurityScorecard analyzed the cybersecurity performance of the top 100 U.S. banks by market capitalization. Over 9,000 domains and third- and fourth-party vendors were assessed. The proprietary scoring system evaluates ten key cybersecurity factors to calculate a risk score (graded A to F), offering predictive insights into breach potential.


Why Third-Party Breaches Matter in Banking

Third-party breaches expose critical weaknesses in banking supply chains, potentially leading to:

  • Data Loss: Sensitive customer and financial data could be compromised.
  • Reputational Damage: Breaches can erode customer trust and brand reputation.
  • Regulatory Penalties: Non-compliance with cybersecurity regulations can result in hefty fines.

The report emphasizes that these risks extend beyond direct vendors. Fourth-party breaches, or vulnerabilities in vendors’ supply chains, amplify the potential for widespread damage.


About SecurityScorecard and the STRIKE Team

SecurityScorecard, founded in 2014, is a global leader in cybersecurity ratings, trusted by over 25,000 organizations. The company’s STRIKE team combines threat intelligence, incident response expertise, and supply chain cyber risk analysis to help organizations understand and mitigate cybersecurity risks effectively.

SecurityScorecard’s ratings are based on non-intrusive data collection, offering transparency and actionable insights for enterprise risk management, board reporting, and regulatory compliance.

With its FedRAMP Ready designation, SecurityScorecard ensures robust security standards for protecting sensitive information. It is also recognized by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) as a free cybersecurity tool.


Proactive Cybersecurity is Non-Negotiable

The findings of the 2024 SecurityScorecard report make it clear that cybersecurity in the banking sector must evolve to address the rising threat of third- and fourth-party breaches. By investing in advanced threat intelligence, continuous monitoring, and strategic incident response plans, banks can safeguard their systems, maintain resilience, and protect their customers.

For more insights and strategies to enhance your cybersecurity posture, visit SecurityScorecard or connect with us on LinkedIn.
