Mitigating Third-Party Risks: The Key to Preventing Nearly Half of Fintech Breaches

In the ever-evolving landscape of financial technology (fintech), cybersecurity has emerged as a critical concern. A recent report by SecurityScorecard for 2025, titled “Defending the Financial Supply Chain: Strengths and Vulnerabilities in Top Fintech Companies,” reveals that a staggering 41.8% of cybersecurity breaches affecting top fintech firms originate from third-party vendors. This highlights the pressing need for robust cybersecurity measures within the fintech sector.

Key Findings from the 2025 Fintech Cybersecurity Report

The report draws from an extensive analysis of the cybersecurity posture of 250 leading fintech companies. Here are some of the most significant insights:

  • Publicly Reported Breaches: 18.4% of fintech companies have encountered publicly reported breaches, with 28.2% of these companies experiencing multiple incidents.
  • Third-Party Risks: Third-party vendors are responsible for 41.8% of breaches, while fourth-party exposures account for an additional 11.9%, far exceeding the global average.
  • Technology Vulnerabilities: Common culprits include file transfer software and cloud platforms.

Despite these challenges, fintech firms maintain the strongest cybersecurity posture among all industries studied, achieving a median SecurityScorecard rating of 90. Remarkably, 55.6% of companies received an “A” grade.

Identifying Weaknesses in Fintech Security

While the overall cybersecurity ratings are impressive, the report identifies critical areas for improvement:

  • Application Security: 46.4% of companies scored poorly in this area, facing issues like unsafe redirect chains and misconfigured storage.
  • DNS Health: This was also cited as a prevalent weakness that needs addressing.

Recommendations for Enhancing Cybersecurity in Fintech

In light of these findings, the STRIKE team at SecurityScorecard offers several strategic recommendations:

  1. Enhance Vendor Oversight: Classify vendors based on exposure and breach history rather than solely on financial value.
  2. Contractual Protections: Include clauses requiring breach notification and disclosure of downstream dependencies to mitigate cascading risks.
  3. Secure Infrastructure: Focus on securing shared infrastructure, particularly file transfer systems and cloud storage.
  4. Conduct Regular Audits: Ensure partners adhere to secure implementation practices.
  5. Close Security Gaps: Prioritize application security and DNS health to protect customer-facing assets.
  6. Implement Multi-Factor Authentication: Enforce MFA and monitor for reused credentials to combat credential-based threats.
  7. Scrutinize Repeat Breaches: Treat vendors with a history of incidents as high-risk during onboarding and contract renewals.

By following these recommendations, fintech companies can significantly enhance their cybersecurity posture and protect against emerging threats in the digital landscape.
