Half of global financial services organisations have fallen victim to sensitive data theft of system failure and downtime due to insecure software or technology, a survey conducted by Ponemon Institute revealed.

The study, commissioned by Synopsys, found that many firms were struggling to manager cyber security risk in their supply chain and were failing to assess their software for security vulnerabilities before releasing it.

More than half (56 per cent) of respondents claimed to have experienced system failure or downtime, while 51 per cent of them had been the victim of theft of sensitive customer data, as a result of insecure software or technology.

However, 56 per cent of respondents were effective at detecting and 53 per cent containing cyber-attacks, rather than preventing them.

Furthermore, almost three-quarters (74 per cent) of them were “concerned” or “very concerned” about the security posture of third-party software and systems.

Despite this, only 43 per cent said their organisations impose cyber security requirements on third parties involved in developing financial software and systems. Just 43 per cent of respondents said they have a formal process for inventorying and managing the open source code in their software portfolios.

While a majority of the organisations included in the study follow a secure development life cycle (SDLC) process, they reported that their companies test, on average, only 34 per cent of all financial software and technology developed or in use by the firm for security risks.

For the software and technology that is tested for vulnerabilities, only 48 per cent of respondents reported that security testing occurs in the pre-release phases of the SDLC, such as the requirements and design phase or the development and testing phase.

Commenting on the findings, Synopsys Software Integrity Group managing director Drew Kilbourne said: “While the financial services industry is relatively mature in terms of their software security posture, organisations are grappling with a rapidly evolving technology landscape and facing increasingly sophisticated adversaries.

“There is no single right approach to software security, but this study clearly shows that there is a significant need for improvement in supply chain risk management.”

Share Story: