50% of firms in the financial services industry are still operating on outdated or on-premise infrastructure, which fails to meet modern transparency and documentation requirements.

51% of firms identified data discovery as a top priority for improving audit readiness and control visibility.

45% of firms in the financial services sector prioritize automated evidence collection and document management for enhancing audit readiness and control visibility.

54% of firms in the financial services industry still rely on spreadsheets or in-house systems to track security controls.

36% of U.S. financial services executives reported lacking sufficient internal expertise to meet regulatory mandates.

42% of U.S. financial services executives identified staying current with evolving regulations as their top compliance challenge.

Financial services organizations have 35% of their devices classified as extended IoT.

Financial services globally experienced a suspected fraud attempt rate of 3.3% in H1 2025.

For transactions in the Dominican Republic, the financial services sector reported the highest suspected fraud rate at 18.2%.

68% of Financial Services professionals are using AI daily.

82% of Financial Services professionals are very confident in their AI skills.

80% of employees in the financial services industry have received training on AI safety and data security.

Only 2% of Financial Services professionals reported no AI training at all.

2% of employees in financial services reported no training in AI tools.

68% of AI users in financial services engage with AI daily.

The half-life for serious findings is 147 days in the financial services industry. This metric, which accounts for unresolved vulnerabilities, places FS ninth overall out of the thirteen measured industries.

68% of financial services leaders highlight GenAI-related risks as a top concern.

Server security misconfigurations: 34.9% in the financial services industry (versus 27.9% average in other industries).

Financial services firms demonstrate strengths in avoiding common, code-level flaws due to mature security programs and automated scanning (SAST/DAST). However, they struggle with vulnerabilities that require human-led testing.

Approximately one-third of serious issues are never resolved by the organizations in the financial services industry, contributing to backlog and systemic risk.