Fintech companies generally have solid security measures, but they face risks from weaknesses in third-party providers. A recent report from SecurityScorecard shows that while fintech ranks highest among various sectors for security posture, there are vulnerabilities stemming from external partners that could lead to breaches.
The analysis highlights a growing risk in the financial supply chain. Even leading fintech firms aren’t immune to third-party cyber risks; over 41% of breaches affecting them came from their suppliers, and more than 18% from their partners’ partners. SecurityScorecard analyzed the security practices of 250 fintech firms and pointed out a clear gap between robust internal controls and the risks posed by their supply chains. Fintechs have become essential to the global financial system, driving payments, wealth management, and fraud detection.
As traditional banks increasingly rely on fintech to stay competitive, this interdependence creates a new set of challenges. A single vulnerability in one vendor could impact the entire ecosystem. “Third-party breaches aren’t just isolated incidents; they indicate deeper structural risks,” said Ryan Sherstobitoff from SecurityScorecard. This means potential operational failures in payment systems, digital asset platforms, and other critical infrastructure.
Fintechs span areas like payments, digital assets, and neobanking. A financial security expert with 30 years in banking noted that attackers often target a range of software within this interconnected landscape. “You rely on various suppliers, and it’s often the weakest link that causes the downfall,” he explained.
By analogy, when you visit a retail website, you see just the tip of an iceberg. Beneath the surface, numerous components keep it afloat. Attackers look for those hidden weak spots to exploit. They can navigate through layers of software—starting from the operating system, moving up through networking, security, and application software from different providers.
SecurityScorecard’s findings indicate that file transfer software and cloud platforms are frequent targets, with about 46% of fintechs having poor application security ratings. It suggests that firms should enhance oversight of third-party and fourth-party risks and prioritize suppliers based on their breach history, not just their business size.