Cyberstats

Security Intelligence

Cobalt

Cybersecurity reports and statistics published by Cobalt

8 categories4 reports

Research Reports

Reports and publications from Cobalt

State of Pentesting in Financial Services 2025

State of Pentesting in Healthcare 2025

CISO Perspectives Report: AI and Digital Supply Chain Risks

The State of LLM Security Report

Recent Statistics & Reports

Financial services firms demonstrate strengths in avoiding common, code-level flaws due to mature security programs and automated scanning (SAST/DAST). However, they struggle with vulnerabilities that require human-led testing.

Financial services Pen test Vulnerabilities

Server security misconfigurations: 34.9% in the financial services industry (versus 27.9% average in other industries).

Financial services Pen test Vulnerabilities

Approximately one-third of serious issues are never resolved by the organizations in the financial services industry, contributing to backlog and systemic risk.

Financial services Pen test Vulnerability resolution

Components with known vulnerabilities: 6.1% in the financial services industry (versus 5.5% average in other industries).

Financial services Pen test Vulnerabilities

Business logic flaws: 2.9% in the financial services industry (versus 2.3% average in other industries).

Financial services Pen test Vulnerabilities

Server-side injection (Web/API): 4.2% in the financial services industry (versus 5.3% average in other industries).

Financial services Pen test Vulnerabilities

Sensitive data exposure: 10.5% in the financial services industry (versus 8.0% average in other industries).

Financial services Pen test Vulnerabilities

68% of financial services leaders highlight GenAI-related risks as a top concern.

Financial services Pen test GenAI

46% of financial services leaders highlight insider threats as a top concern.

Financial services Pen test Insider threat

The Median Time to Remediation (MTTR) for serious findings is 61 days in the financial services industry. This ranks financial services 11th of 13 industries measured.

Financial services Pen test MTTR

78% of financial services firms report fixing critical vulnerabilities in business-critical assets within 14 days, indicating they narrowly meet strict internal SLA requirements.

Financial services Pen test Vulnerabilities

70% of financial services firms report that delays in scheduling pentests sometimes impact compliance or business timelines.

Financial services Pen test Compliance

76% of financial services leaders highlight third-party software vulnerabilities as a top concern.

Financial services Pen test Vulnerabilities

The half-life for serious findings is 147 days in the financial services industry. This metric, which accounts for unresolved vulnerabilities, places FS ninth overall out of the thirteen measured industries.

Financial services Pen test Half-life

Cross-site scripting (Web/API): 5.0% in the financial services industry (versus 9.7% average in other industries).

Financial services Pen test Vulnerabilities

Industries like hospitality resolve serious findings significantly faster than the financial services industry (61 days vs 20 days).

Financial services Pen test MTTR

The financial services industry resolves about two-thirds (66.7%) of serious findings. This ranks the industry 10 out of the 13 industries Cobalt researched.

Financial services Pen test Vulnerability resolution

Healthcare resolved only 57.4% of serious pen test findings. This ranks healthcare 11th of 13 industries. By comparison, transportation led with 80.2%.

Healthcare Pen test Vulnerabilities

71% of healthcare leaders cited GenAI as the top risk.

Healthcare GenAI

14% of healthcare organizations resolve critical findings in business-critical within eight to 14 days.

Healthcare Pen test Vulnerabilities

Showing first 20 results

Top Categories

Vulnerabilities

Financial services

6

Vulnerability resolution

Related Vendors