Why financial services organizations need Runtime Security

As Application Security (AppSec) becomes more paramount for financial services organizations the need for Runtime Security increases.

Current state of AppSec in the financial sector

There has been a 53% increase in zero-days over the past year. Cyber vigilance is imperative in the financial sector. 

Over 4x increase in zero-day vulnerabilities between 2013 and 2023.

57% of businesses impacted by the MOVEit file share app compromise in 2023 were financial services businesses, or related third parties.

65% increase in attacks targeting APIs and web applications of financial services businesses between Q2 2022 and Q2 2023.

The financial sector has 141% more high-severity vulnerabilities per app compared with overall averages.*

Top types of attacks used to go after the financial sector’s web applications and APIs: 

• 58% Local file inclusion (LFI) vulnerabilities
• 24% Cross-site scripting (XSS)
• 11% Structured Query Language injection (SQLi)

76% of global finance CISOs polled admit to having gaps in their security posture.

74% of these CISOs said that the volume of alerts they receive is too high.

A typical financial services business deals with more than 2,200 AppSec alerts a month.

• 46% said development teams should be taking responsibility for the security of  their code, but not due to a lack of expertise.
• 42% said it was difficult to catch application vulnerabilities after launch.

Why Runtime Security for the financial sector?

• Analyze code 10x faster  than traditional tools, such as Dynamic Application Security Testing (DAST).
• Reduce new vulnerability detection rate from approximately 50 per year to approximately 11.
• Reduce mean time to respond/remediate (MTTR) from 275 days to three.  

Runtime Security enables financial services to quickly close 87% of all critical vulnerabilities.*

For financial institutions using Runtime Security, MTTR for critical vulnerabilities is 51% lower than industry averages.*