INFOGRAPHICS
Key insights from Modern Bank Heists Report 2025
For three years running, Contrast Security has surveyed some of the world’s leading financial institutions to better understand their cyber threat landscape and the extent to which they are — or are not — addressing key threats.
7 numbers you should know:
- Two-thirds of respondents said they have experienced a cyber incident in the last 12 months.
- Over 71% said zero-day attacks were the biggest issue they faced in regard to safeguarding their applications and Application Programming Interfaces (APIs).
- APIs and cloud environments were two of the three most common attack vectors.
- Over half said they had experienced a supply chain attack.
- Close to 64% of respondents said they had experienced cybersecurity incidents wherein the adversary is attempting to steal non-public information.
- 60% said their investments in extended detection and response (XDR) did not provide visibility into behavioral anomalies at the application layer.
- Over 62% said they were planning to invest in Application Detection and Response (ADR) in 2025.

In Modern Bank Heists Report 2025, learn more about the application layer threats themselves and what attackers want to do once they gain entry. Understand more about what financial institutions are doing to better protect their applications and APIs today, and how their defenses will likely evolve in the coming months.
Secure your apps and APIs from within
Schedule a one-to-one demo to see what Contrast Runtime Security can do for you