Black Kite's 2025 Report Reveals Hidden Risks in Financial Services Vendor Ecosystem

An Insight into Black Kite's 2025 State of Financial Services Report



In an era where cyber threats are constantly evolving, understanding the vulnerabilities within vendor ecosystems in the financial services sector is of paramount importance. Black Kite, a leading entity in cyber third-party risk intelligence, has issued a significant report, titled 2025 State of Financial Services: Hidden Dangers in the Vendor Ecosystem. This report shines a spotlight on the unaddressed risks that these organizations face, especially from their third-party vendors, which could be the weakest links in their cybersecurity strategies.

Declining Direct Attacks but Rising Indirect Risks


The report begins by noting an interesting trend in ransomware attacks. Over the last two years, the number of direct ransomware attacks targeting the financial sector has declined. For instance, from a staggering 191 reported attacks in 2023, the figures have significantly dropped to 156 in 2024 and only 55 as of mid-2025. This downturn can be partially attributed to improved security measures within financial institutions and the dismantling of powerful ransomware groups like LockBit and AlphV. Yet, despite this positive outlook, Black Kite warns that the financial sector remains vulnerable. Attackers are now shifting their focus towards exploiting less-protected third-party vendors that serve banks and financial institutions, which gives them dangerous indirect access to these organizations.

Identifying the Glaring Risks


The key findings from the report reveal concerning levels of vendor vulnerability. A staggering 92% of third-party vendors evaluated received scores ranging from C to F in critical areas like information disclosure, suggesting a systematic failure in managing sensitive information. This statistic indicates that many vendors lack the robust defenses and regulatory obligations of financial institutions. This disparity creates a vulnerable entry point for attackers, often leading to substantial damage when breaches occur.

Among other alarming insights in the report, it was revealed that 65% of the vendors surveyed were not keeping their systems up to date with current patches, effectively leaving them open to known vulnerabilities and potential zero-day exploits. Furthermore, 31 out of 140 vendors exhibited at least one critical vulnerability, with even more worrisome assessments indicating high-risk threat categories across many of the vendors investigated.

The Butterfly Effect of Vendor Vulnerabilities


The vast implications of compromises in vendor security extend beyond cyber threats. The report highlights real-world consequences such as operational disruptions that affect entire supply chains. For instance, Cl0p's targeting of organizations with outdated systems led to extensive disruptions for various related industries in December 2024. Retailers faced challenges in shipment tracking, and manufacturers dealt with production halts due to integration failures across compromised systems. Such examples illustrate the far-reaching effects of vendor vulnerabilities that can cascade throughout the financial ecosystem.

A Call to Action for Financial Institutions


In light of these findings, Black Kite calls for financial institutions to adopt a proactive, intelligence-driven approach to manage vendor risks effectively. Merely relying on internal defenses is no longer adequate; institutions must also scrutinize the security postures of their supply chain partners. By doing so, they can enhance their overall cybersecurity strategies and effectively protect their customers' assets and the stability of the financial ecosystem as a whole.

Conclusion


As financial institutions gear up for an increasingly digital landscape, understanding and mitigating the hidden dangers within their vendor ecosystems is crucial. Black Kite's findings are not just statistics; they represent a wake-up call for financial services to evaluate and enhance their vendor risk management frameworks. By prioritizing cybersecurity at all levels, from direct operations to third-party collaborations, the financial sector can better safeguard against evolving cyber threats. Visit Black Kite’s website for further insights and to access the full report.
