#USA #Boston #Cyber Risk #Ransomware #Black Kite

Black Kite's 2026 State of Financial Services Report

In the rapidly evolving landscape of cybersecurity, Black Kite's recent report titled "2026 State of Financial Services: The Dual Storm of Ransomware and Vendor Ecosystem Risk" has raised significant red flags for the financial industry. The report indicates a startling resurgence in ransomware attacks, with a 76% year-over-year increase in incidents targeting financial institutions in the first quarter of 2026. This alarming trend coincides with a dramatic rise in vulnerabilities within the vendor ecosystems upon which these financial institutions depend.

The Emerging Threat Landscape

Historically, financial institutions viewed cybersecurity threats through a singular lens, focusing either on direct attacks or on risks stemming from third-party vendors. However, the current situation reveals a complex and dual-front crisis that demands a comprehensive approach. Ferhat Dikbiyik, Chief Research Intelligence Officer at Black Kite, highlights the necessity for financial institutions to transcend traditional internal controls and instead enhance their visibility and responsiveness across their entire ecosystem.

In contrast to 2024, when law enforcement efforts disrupted major ransomware groups such as LockBit and Clop, leading to a temporary respite, 2025 witnessed a resurgence of direct ransomware attacks. The number of distinct groups targeting the financial sector has risen from 37 in 2023 to a staggering 48 by 2025, with new actors like Qilin, Akira, and Kill Security emerging as significant threats.

Shifting Focus and Increasing Vulnerabilities

The report's data reveals a significant shift in the primary target of ransomware attacks within the financial sector. In 2023, banks suffered the most, reporting 71 ransomware incidents. However, by 2025, this trend reversed dramatically, with investment firms becoming the predominant targets. The transition to investment firms as the leading victims was propelled by a noteworthy campaign in September 2025 against South Korean asset managers, which alone accounted for 32 incidents. This shift underscores the adaptive strategies of attackers as they seek out the most vulnerable targets.

Adding to the complexity of the threat landscape is the exponential growth in vulnerabilities, with over 48,000 Common Vulnerabilities and Exposures (CVEs) logged in 2025—a staggering 18% increase from the previous year. Notably, 50.2% of vendors servicing financial institutions carry high-severity CVEs, illustrating the critical need for robust vendor management and oversight. The escalating pace of cyberattacks is highlighted by the fact that vulnerability exploitation has become the leading access vector for breaches, surpassing phishing for the first time in recorded history.

Key Findings from Black Kite's Report

The dual threats outlined in the report can be summarized by several alarming findings:

• - Resurgence of Ransomware: Direct ransomware attacks are back on the rise, marking a 30% increase from 2024 to 2025, with Q1 2026 data reflecting a 76% increase year-over-year.
• - Widespread Vendor Risk: Just one compromise, such as that conducted by Qilin against a South Korean Managed Service Provider (MSP), resulted in breaches affecting 32 financial institutions and the loss of over 2 terabytes of data.
• - Increased Threat Actor Activity: The financial sector now faces threats from 48 different groups, with emerging players swiftly taking over territory previously held by dismantled organizations.
• - Escalating Vulnerabilities: The number of critical vulnerabilities across financial vendors surged by 387% from 2024 to 2025, highlighting the pressing need to enhance patch management and vulnerability assessment.

Responding to the Crisis

As the cyber threat landscape grows increasingly complex, financial institutions must also grapple with the vulnerabilities carried by their third-party vendors. Despite robust regulatory frameworks governing the financial sector, many third-party vendors remain inadequately scrutinized, widening the exposure gap and complicating cyber risk management efforts.

With the shift in the threat landscape, resilience now hinges on the capability to identify, prioritize, and respond effectively to critical vulnerabilities both internally and across the vendor network. Continuous monitoring, predictive analytics, and rigorous risk quantification have emerged as essential operational necessities as opposed to mere differentiators. Black Kite's report serves as a wake-up call, emphasizing the need for strategic shifts in risk management practices across the industry.

To delve deeper into the alarming statistics and analysis presented in Black Kite's report, visit Black Kite's website.

About Black Kite

Black Kite is a pioneering platform specializing in third-party cyber risk management, leveraging AI-driven insights to help over 3,000 clients manage their supplier risks. With a focus on transparency and actionable intelligence, Black Kite provides tools for monitoring vendor vulnerabilities, enabling organizations to take proactive measures against emerging cyber threats. For more information, please visit Black Kite's official site.