78% of Europe’s top financial institutions faced third-party breaches

SecurityScorecard’s latest research, centred on the looming Digital Operational Resilience Act (DORA) compliance deadline of January 2025, reveals a disturbing level of third-party and fourth-party cybersecurity breaches among Europe’s largest financial institutions.

The report analysed 240 such institutions and found that 78% had experienced a third-party data breach in the past year. An even higher percentage, 84%, were exposed to a fourth-party breach, illustrating a complex web of hidden risks.

Shockingly, only 3% of third-party vendors examined were breached, revealing the immense “butterfly effect” of supply chain attacks and the power they hold in the threat landscape. Meanwhile, a concerning 18% of financial institutions were rated ‘C’ or below in terms of cybersecurity, making them four to seven times more likely to suffer a breach than ‘A’ rated institutions.

The study also shed light on industry-specific vulnerabilities. Retail banks emerged as the most vulnerable, with 82% experiencing a third-party breach in the past year, and 8% suffering from breaches within their own domain.

Insurance firms reported the lowest security scores, with 24% having a ‘C’ security rating or below, and 78% reported a third- or fourth-party breach. On the other hand, private equity firms appeared to be faring best, with no breaches on their own domains, and the highest ratings, with only 9% at a ‘C’ rating or below.

The DORA regulation aims to bring a systematic approach to digital cyber risk. It mandates that financial entities identify and assess all third-party risks, including threats to data, systems, and the entity’s continued operation in the event of an incident.

SecurityScorecard Chief Sales Officer Matthew McKenna stated, “If nearly 20% of the most well-resourced financial entities in the EU have grades of C or worse, then it’s likely that the overall cyber resilience for other financial entities is actually much lower.”

Dan Morgan, Senior Government Affairs Director, Europe & APAC, SecurityScorecard, noted, “Who financial entities choose to trust and how they sustain that trust are essential factors for the resilience of the EU’s financial services sector.”

Keep up with all the latest FinTech news here.

Copyright © 2023 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.