Methodology of the Report
The data presented in this report is the result of a multi-source, intelligence-led investigation by the Black Kite Research Group™. It synthesizes extensive threat intelligence, ransomware tracking, vendor ecosystem analysis, and cyber risk telemetry to provide a comprehensive view of systemic third-party vulnerabilities in the financial sector.
1. Data Sources and Scope
This report integrates several streams of intelligence curated by the Black Kite Research Group between January 2023 and Q1 2026. The ransomware-related data specifically includes only confirmed victims where both encryption and data leaks were verified, and attribution to a known ransomware group was clearly established.
All vendor-related data was derived from Black Kite’s proprietary telemetry and publicly available information, supplemented by intelligence gathered from surface, deep, and dark web sources.
2. Industry Classification and Exclusions
To maintain analytical consistency, industry classifications were aligned to NAICS (North American Industry Classification System) codes. While 52 NAICS codes were reviewed, code 524 (Insurance Carriers and Related Activities) was deliberately excluded from the final figures due to its structural and regulatory segmentation. However, entities under 5251 (Insurance and Employee Benefit Funds) were included, as they represent financial investment mechanisms rather than insurance providers.
3. Company Size and Risk Posture Analysis
Black Kite Research Group analysts estimated company size using public financial disclosures, third-party databases, and organizational benchmarks. The Black Kite platform was used to assess each organization's cybersecurity posture before and after incidents, enabling comparative susceptibility analysis.
4. Vendor Selection Criteria
The 140-vendor pool was selected based on a single criterion: vendors whose client base includes at least 10% financial sector customers, regardless of company size. From within this pool, the Top 20 represents the vendors most relied upon by financial institutions, ranked by the breadth of their financial-sector customer base. The broader sample of approximately 17,000 vendors represents companies actively monitored by Black Kite's financial sector customers, without targeted selection criteria, serving as a representative baseline for comparative analysis.
5. Standardization and Integrity Controls
To prevent data inflation, the Black Kite Research Group applies a standardized victim counting methodology. Attacks targeting chains, networks, or holding structures are counted as a single incident unless distinct disclosures exist.
6. Cyber Rating Explained
The Black Kite Cyber Ratings range from 1 to 100 and cover 20 risk categories. Scores are also translated into letter grades for clarity:
- A (Excellent): 90–100
- B (Good): 80–89
- C (Fair): 70–79
- D (Poor): 60–69
- F (Failing): 0–59
7. Limitations
This report reflects only publicly disclosed ransomware incidents and observable vendor risk indicators. Many breaches, especially those involving smaller entities or resolved discreetly, go unreported. Consequently, the findings represent a conservative lower bound of systemic third-party risk exposure.