A recent Contrast Security report revealed that the financial sector faced a surge in attacks, with 64% of respondents reporting cybersecurity incidents in the past 12 months.

Researchers found that 71% of respondents reported zero-day attacks as the key concern to safeguarding applications and APIs, followed by dwell time (43%) and lack of visibility into the application layer (38%).

Financial institutions are further challenged by legacy technology, with 82% over-relying on web application firewalls (WAF) and 61% saying they considered their WAFs to be effective. However, reliance on WAFs alone is inadequate against zero-day exploits and modern application attacks. In light of all this, it’s no surprise that zero days were the top application-related security concern. In fact, fewer than 25% said they were confident that their current security controls could mitigate such an attack.

The report’s key findings include:

• Two-thirds of financial institutions have experienced a cyber incident in the last 12 months
• Respondents reported a 12.5% increase in destructive cyberattacks, which are launched punitively to destroy data and burn the evidence as part of a counter-incident response
• More than two-thirds experienced attacks focused on stealing non-public market information, with cybercriminals using it for insider trading, digital front running, and shorting stock before they dox the stolen, confidential data to the regulators
• More than 71% said zero-day attacks were the biggest issue they faced in regard to safeguarding their applications and APIs
• More than half experienced a supply chain attack
• 60% said their investments in XDR did not provide visibility into behavioral anomalies at the application layer

Download the report.