As Application Security (AppSec) becomes more paramount for financial services organizations the need for Runtime Security increases.
Current state of AppSec in the financial sector
There has been a 53% increase in zero-days over the past year. Cyber vigilance is imperative in the financial sector.
Over 4x increase in zero-day vulnerabilities between 2013 and 2023.
57% of businesses impacted by the MOVEit file share app compromise in 2023 were financial services businesses, or related third parties.
65% increase in attacks targeting APIs and web applications of financial services businesses between Q2 2022 and Q2 2023.
The financial sector has 141% more high-severity vulnerabilities per app compared with overall averages.*
Top types of attacks used to go after the financial sector’s web applications and APIs:
- 58% Local file inclusion (LFI) vulnerabilities
- 24% Cross-site scripting (XSS)
- 11% Structured Query Language injection (SQLi)
76% of global finance CISOs polled admit to having gaps in their security posture.
74% of these CISOs said that the volume of alerts they receive is too high.
A typical financial services business deals with more than 2,200 AppSec alerts a month.
- 46% said development teams should be taking responsibility for the security of their code, but not due to a lack of expertise.
- 42% said it was difficult to catch application vulnerabilities after launch.
Why Runtime Security for the financial sector?
- Analyze code 10x faster than traditional tools, such as Dynamic Application Security Testing (DAST).
- Reduce new vulnerability detection rate from approximately 50 per year to approximately 11.
- Reduce mean time to respond/remediate (MTTR) from 275 days to three.
Runtime Security enables financial services to quickly close 87% of all critical vulnerabilities.*
For financial institutions using Runtime Security, MTTR for critical vulnerabilities is 51% lower than industry averages.*