
Critical vulnerability submissions increased 185% for financial sector in 2021


Bugcrowd on Tuesday reported that financial services companies experienced a 185% increase over the last 12 months in Priority One (P1) bug submissions, which refer to the most critical vulnerabilities.

While companies had to act fast to bring digital services online once the pandemic hit in 2020, Casey Ellis, founder and CEO of Bugcrowd, said financial services companies faced even more pressure to move quickly given the sector’s importance to businesses and consumers, and the reality that a greater share of their revenue was coming from online transactions.

According to the report, this substantial investment in security was accompanied by increased activity between financial services companies and ethical hackers, such as through Bugcrowd. For example, submissions, payouts and P1s were up 82%, 106%, and 185%, respectively, on the Bugcrowd platform in 2021.

“We've continued to see financial services pursue the most aggressive digital transformation over the past two years,” Ellis said. “The combination of increased production of code, increased adoption of Bugcrowd’s offerings and accepting security input from the hacker community as a whole, and a strong focus on risk-based vulnerability pricing have all contributed to the increase. This bodes well for the continued leadership of this sector in cybersecurity — and specifically around using security as a means to foster and maintain customer trust — because a vulnerability found is a vulnerability that can be fixed and learned from.”

In releasing its 2022 Priority One report, Bugcrowd noted an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic last year.

The report found that ransomware overtook personal data breaches as the threat that dominated cybersecurity news in 2021. Global lockdowns and remote work caused a rush to put more assets online, which led to an increase in vulnerabilities. The result was that companies worked more closely with ethical hackers to find critical threats, causing P1 and P2 bugs to make up 24% of all valid submissions for 2021.

Along with pinpointing trends across vertical markets, the Priority One report also detailed the top threats identified by Bugcrowd in 2021:

  • Cross-site scripting was the most commonly identified vulnerability type.
  • Sensitive data exposure moved up to No. 3 from No. 9 on the list of top 10 most commonly identified vulnerability types.
  • Ransomware went mainstream, and governments responded.
  • Supply chains became a primary attack surface.
  • Penetration testing entered a renaissance. 
