X-Industry

The Cyber Risk Realities in Financial Services & Insurance

Posted by Jim McKee on November 18, 2025 at 8:00am

30989139496?profile=RESIZE_400xThe Dun & Bradstreet Financial Services & Insurance Pulse Survey 2025, built on responses from more than 2,000 senior professionals across five markets (US, UK, Sweden, Germany, Switzerland), reveals a sector racing to modernize but hamstrung by legacy systems, fragmented data, and intensifying cyber risk.  It is a familiar paradox for CISOs: record spending on innovation yet growing unease that resilience isn't keeping pace.  Cybersecurity sits at the very top of industry concern, with 79% of financial services and insurance (FS&I) leaders listing it as their greatest vulnerability, followed closely by fraud at 78%.

Dun & Bradstreet's analysts note in their findings that "traditional defenses are becoming antiquated," with 70% of firms stating they feel more vulnerable than they did 18 months ago.

Regional patterns amplify the story:

  • US firms exhibit the highest level of anxiety, with 85% citing cyber risk as a top threat.
  • Insurers emerge as the most risk-aware cohort, with over 80% expressing concern in cybersecurity, fraud, and compliance.

Cyber risk now extends far beyond direct breaches into data-driven financial crime, regulatory exposure, and algorithmic manipulation as AI takes root in core systems.   Nearly 69% of organizations have increased investment in cybersecurity solutions, yet 38% admit they remain unprepared to handle them effectively.

See:  https://redskyalliance.com/dnb for information on how Red Sky Alliance can help better protect any DNB number in the world.

Budget limitations (31%), regulatory friction (30%), and the difficulty of quantifying risk (29%) all slow progress.  This gap between ambition and execution mirrors what many security leaders face: the transition from reactive compliance spending to data-driven, predictive resilience.

The third-party trap - If any finding should alarm cybersecurity leaders, it's this: 91% of FS&I firms have suffered negative consequences from poor third-party risk management, at an average cost of $706,000 per incident, nearly $1.5 million in Germany.

Consequences include:

  • Financial loss (41%)
  • Security breaches (35%)
  • Lost opportunities (35%)
  • Reputational damage (33%)

As D&B's Dirk Radetzki warns, "Third-party risk is the adversary of operational resilience.  Firms must move to continuous monitoring and real-time vendor scoring." For cyber teams, this translates into integrating supplier telemetry, API-driven threat feeds, and shared risk exchanges directly into governance workflows.  Nearly two-thirds (64%) of respondents report that they cannot make informed decisions with existing data, and 73% are unable to effectively assess non-financial risks.

Data silos, duplicates, and manual processes persist:

  • 59% report duplicate records.
  • 52% cite siloed datasets.
  • 55% say they simply "don't trust their own data."

The fallout is costly: more than half (52%) of firms have experienced failed AI projects tied to poor data quality.  For cybersecurity functions, that means threat analytics, compliance automation, and AI-driven anomaly detection all operate on shaky foundations.  As D&B's Sara de la Torre notes, "Data governance is no longer optional."  Looking toward 2026, internal use of AI (39%) and digital transformation (36%) top the sector's strategic agenda.  However, those same executives identify cyber risk (53%) and poor data quality (44%) as their top obstacles.  It is a classic build-on-sand dilemma: enterprises eager to scale machine intelligence without shoring up data integrity, access control, or model oversight.

The survey reveals that more than 60% of firms now acknowledge they'll need external data and new technology partnerships to close these gaps, providing an open invitation for cybersecurity providers specializing in AI risk management, identity governance, and secure data-sharing architectures.

Operational lessons from the field - D&B includes case studies that double as playbooks for CISOs:

  • A global bank eliminated silos by linking third-party data to the D-U-N-S Number, adding ESG and cyber-risk scores to create a unified vendor map, thereby boosting accuracy and reducing costs.
  • A global insurer automated onboarding and sanctions checks via API integration, saving 684 hours of manual risk assessments and simplifying compliance reporting.

For cybersecurity teams, these examples validate the payoff of data enrichment, automation, and API-level integration in threat and vendor-risk programs.

There are implications for cybersecurity leaders:

  1. Data is the new defense surface: Poor data hygiene can undermine every layer of cyber strategy, from risk scoring to model governance.
  2. Modernize third-party oversight by adopting real-time vendor monitoring, shared risk exchanges, and external intelligence feeds.
  3. Align AI innovation with control frameworks: Treat AI deployment as a regulated risk activity, not an R&D experiment.
  4. Automate with intent: Manual processes in onboarding and risk assessment breed errors and delay.
  5. Invest in culture and collaboration: D&B urges FS&I leaders to embed risk awareness at the board level and foster cross-functional teams that bridge IT, compliance, and business resilience.

The Pulse Survey 2025 captures an industry at a turning point as AI optimism collides with data reality.  For cybersecurity professionals, the mandate is clear: build risk intelligence on a trusted data foundation, strengthen third-party visibility, and ensure every algorithm, dashboard, and decision engine inherits that trust.  In the words of D&B's Malin Höök, "The firms that will lead the next wave of transformation are those that pair innovation with governance."

 

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122

Views: 12
Tags: tr-25-319-002, riskmanagement, operationalresilience, ciso, fraudprevention, cyberrisk, digitaltransformation, aidata, datagovernance, vendorrisk
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!