42% of U.S. financial services executives identified staying current with evolving regulations as their top compliance challenge.

54% of firms in the financial services industry still rely on spreadsheets or in-house systems to track security controls.

53% of CFOs in the financial services sector ranked evolving regulations as a top concern, compared to 38% of CIOs, highlighting a disconnect between financial and technical teams.

45% of firms in the financial services sector prioritize automated evidence collection and document management for enhancing audit readiness and control visibility.

50% of firms in the financial services industry are still operating on outdated or on-premise infrastructure, which fails to meet modern transparency and documentation requirements.

36% of U.S. financial services executives reported lacking sufficient internal expertise to meet regulatory mandates.

51% of firms identified data discovery as a top priority for improving audit readiness and control visibility.

The use of attack automation services increased from 31% to 36% of all attacks from Q1 to Q2 2025.

Financial services organizations have 35% of their devices classified as extended IoT.

48.54% of IT decision-makers at financial services firms reported that threat detection and security response (MDR, SOC) is currently fully or partially managed by an MSP or MSSP.

48.54% of IT decision-makers at financial services firms reported that data backup and disaster recovery is currently fully or partially managed by an MSP or MSSP.

60.19% of IT decision-makers at financial services firms reported that cloud infrastructure management (MS 365, Azure, AWS) is currently fully or partially managed by an MSP or MSSP.

31% of financial services firms still rely on quarterly or less frequent cyber assessment and vulnerability reviews.

20% of MSSP-supported financial services firms say they skip vulnerability assessments.

8% of internal financial services firms report mature response capabilities.

57.28% of IT decision-makers at financial services firms reported that network management and monitoring is currently fully or partially managed by an MSP or MSSP.

14% of MSSP-supported financial services firms report mature response capabilities.

16% of executives at financial services firms acknowledge that a lack of experienced IT or security staff is a significant weakness that could slow recovery.

More than half (57%) of financial services firms are not monitoring threats in real time.

Half of financial services firms plan to prioritize cloud adoption in 2026.