ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

SecurityScorecard Report Links 41.8% of Breaches Impacting Leading Fintech Companies to Third-Party Vendors

By: via Business Wire

Report reveals growing exposure in the financial supply chain as even top-rated fintech firms face systemic third- and fourth-party cyber risks

SecurityScorecard today released its 2025 sector report, Defending the Financial Supply Chain: Strengths and Vulnerabilities in Top Fintech Companies, revealing that 41.8% of breaches impacting top fintech companies originated from third-party vendors. Based on a comprehensive analysis of the cybersecurity posture of 250 of the world’s top fintech companies, the report highlights the growing disconnect between strong internal controls and external supply chain risk.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250521759145/en/

Ryan Sherstobitoff, SVP of SecurityScorecard’s STRIKE Threat Research and Intelligence Unit, said: “Fintech companies anchor global finance, but one exposed vendor can take down critical infrastructure,” said Ryan Sherstobitoff, SVP of STRIKE Threat Research and Intelligence at SecurityScorecard. “Third-party breaches aren’t edge cases—they reveal structural risk. In fintech, that means operational outages across payment systems, digital asset platforms, and core financial infrastructure.”

Key Findings:

  • Fintech firms had the strongest security posture of any industry analyzed, with a median score of 90 and 55.6% earning an “A” rating.
  • 18.4% of fintech companies experienced publicly reported breaches. 28.2% of those had multiple incidents.
  • Third-party attack vectors were responsible for 41.8% of breaches. Fourth-party exposures accounted for an additional 11.9%, more than double the global average.
  • Technology products and services were linked to 63.9% of third-party breaches, with file transfer software and cloud platforms being the most frequent points of compromise.
  • Application Security and DNS Health were the most common weaknesses, with 46.4% of companies scoring lowest in application security.

Cybersecurity Recommendations for Fintech Companies

Based on this analysis, the SecurityScorecard STRIKE team offers the following recommendations to strengthen cybersecurity across the fintech ecosystem:

  • Strengthen Third- and Fourth-Party Risk Oversight: Fintech companies should tier vendors based on exposure and breach history, not just spend or business value. Disclosing downstream dependencies and requiring incident notification clauses in contracts can reduce cascading risk from fourth-party breaches.
  • Secure Shared Infrastructure and Technical Enablers: File transfer software, cloud storage platforms and customer communication tools were the most common vectors for third-party breaches. Fintechs must audit these integrations regularly and require partners to demonstrate secure implementation practices.
  • Close Critical Application Security and DNS Gaps: Nearly half of fintechs scored lowest in application security. Unsafe redirect chains, misconfigured storage and missing SPF records were common. Remediating these foundational weaknesses should be a priority, starting with customer-facing assets.
  • Enforce Strong Credential Protections: Credential stuffing campaigns and typosquatting attacks impacted a majority of firms. Enforcing MFA, monitoring for reused credentials and taking down spoofed domains are essential to protect users and prevent cross-platform compromise.
  • Treat Repeat Breaches as a Leading Risk Signal: Companies with multiple breaches accounted for the majority of total incidents. Vendors with prior breach history, especially those with known third-party exposures, should face enhanced scrutiny during onboarding and renewals.

Download the report.

Methodology

This report evaluates the cybersecurity posture of 250 leading fintech companies, selected for their global reach, industry influence, and operational scale. The companies span a wide range of financial technology segments, including payments, digital assets, neobanking, financial planning, and infrastructure providers.

About SecurityScorecard

SecurityScorecard created Supply Chain Detection and Response (SCDR), transforming how organizations defend against the fastest-growing threat vector—supply chain attacks. Our industry-leading security ratings serve as the foundation and core strength, while SCDR continuously monitors third-party risks using our factor-based ratings, automated assessments and proprietary threat intelligence, to resolve threats before they become breaches. MAX enables response and remediation capability, working through our service partners to protect the entire supply chain ecosystem while strengthening operational resilience, enhancing third-party risk management and mitigating concentrated risk.

Trusted by over 3,000 organizations—including two-thirds of the Fortune 100—and recognized as a trusted resource by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Backed by Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, NGP, Intel Capital and Riverwood Capital, SecurityScorecard delivers end-to-end supply chain cybersecurity that safeguards business continuity.

Learn more at securityscorecard.com or follow us on LinkedIn.

Contacts

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms Of Service.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.