
Black Kite Releases 2025 State of Financial Services: Hidden Dangers in the Vendor Ecosystem, Uncovering Critical Weaknesses that Pose Considerable Risks to Financial Institutions

Report reveals an alarming 92% of third-party vendors received a C, D, or F score in information disclosure, indicating systematic issues in managing sensitive information.

BOSTON, MA – July 10, 2025 — Black Kite, the leader in cyber third-party risk intelligence, today announced its newest report, 2025 State of Financial Services: Hidden Dangers in the Vendor Ecosystem, which explores the shifting landscape of cyber threats in the financial sector, highlighting the critical importance of understanding and mitigating the hidden dangers within the vendor ecosystem. The report found that while banks and financial institutions possess strong defenses, third-party vendors often lack the same level of security, providing attackers with indirect access to the institutions they serve.

“Our research found that while direct attacks on the financial industry appear to be decreasing, this sector is far from safe,” said Ferhat Dikbiyik, Chief Research and Intelligence Officer, Black Kite. “A critical area that must be addressed is third-party risk. We uncovered many weaknesses across vendor companies. The reality is that they just do not have the same robust defenses and regulatory obligations as the financial industry, and when these vendors are breached, the impact can be widespread and significant.”

Over the past two years, successful ransomware attacks targeting the financial sector have decreased, from 191 disclosed victims in 2023 to 156 in 2024 and 55 as of mid-2025. There are several reasons for the decrease, including the difficulty of breaching these institutions' systems and changes to the ransomware ecosystem. As highlighted in Black Kite’s 2025 Ransomware Report, the dismantling of major and well-equipped ransomware groups such as LockBit and AlphV led to fragmentation. This has opened the door to less sophisticated groups and to Ransomware-as-a-Service (RaaS) tools being sold as an entry point for less experienced individuals. For instance, more than a quarter (26.6%) of finance-sector threat actors are attributed to “Other,” a category that covers emerging or short-lived groups, reinforcing that the ransomware landscape is more fragmented, unpredictable, and opportunistic than ever.

The report highlights that attackers are shifting from targeting financial institutions directly to exploiting weaker links within their ecosystems. External service providers, software vendors, and infrastructure partners often serve as alternative and more vulnerable entry points. Therefore, while the drop in direct attacks is promising, the risk of indirect access through third parties remains a serious threat.

The report’s key findings include:

  • Shifting Attack Focus: Attackers increasingly exploit weaker links within the financial ecosystem, primarily through third-party vendors. The report found that 65% of vendors are not maintaining current patch levels, which exposes financial institutions to inherited risk from known CVEs and from zero-day vulnerabilities in legacy technologies.
  • Pervasive Vendor Vulnerabilities: A significant number of vendors exhibited critical security weaknesses, including outdated systems, poor patch management, and credential exposures. Black Kite researchers found that 31 of the 140 vendors analyzed have at least one critical vulnerability with a CVSS score at or above 8, and 15 vendors carry extremely high risk with CVSS scores above 9. Additionally, Black Kite FocusTags™ flagged 90 vendors with high-risk threat categories, including 35 tagged for KEV (Known Exploited Vulnerabilities).
  • Growing Supply Chain Impact: Weaknesses in vendors can translate into security and operational risk for financial companies, including non-cyber events such as service outages. Case in point: in December 2024, Cl0p actively targeted companies running unpatched versions of Cleo’s MFT products. Cl0p claimed responsibility, listing 66 victims on its dark web extortion site, but researchers estimated the actual number of impacted organizations to be in the hundreds. The exploitation caused operational disruptions across sectors linked to financial supply chains, including retailers that faced delays in shipment tracking and inventory management, and manufacturers that suffered production halts and increased downtime due to compromised integrations.
  • Declining Direct Ransomware Attacks: The number of direct ransomware attacks on the financial sector has decreased from 191 companies in 2023 to 55 as of mid-2025, largely due to the implementation of strong defenses and the disruption of major threat groups.

Financial institutions can no longer afford a false sense of security based solely on their internal defenses. They must mitigate the dangers within their supply chain by adopting a proactive, intelligence-driven approach to vendor risk management. Only then can they truly strengthen their cybersecurity posture against the evolving landscape of threats to protect their assets, customers, and the stability of the broader financial ecosystem.

To read the report, visit here.

Methodology

The report’s data comes from a multi-source, intelligence-led investigation by the Black Kite Research & Intelligence Team (BRITE), with integrated streams of intelligence curated by BRITE between January 2023 and May 2025. The report focused on a targeted analysis of 140 vendors serving the financial sector. Selection was made based on a unique criterion: vendors whose client base included at least 10% financial sector customers, regardless of company size. This ensured that the analyzed vendor pool reflected high relevance and potential impact on the financial services supply chain.

About Black Kite

Black Kite gives organizations a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape. Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating. Black Kite serves more than 3,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at www.blackkite.com, or on the Black Kite blog.

Media Contact:

Michelle Kearney

Hi-Touch PR

443-857-9468

[email protected]