🔎 Major Findings Across Sectors
- Pay-by-Bank specialists Token.io and TrueLayer performed extremely well, as you’d expect in a sector where robust cyberdefence between consumers and banks is 100% necessary.
- Financial content providers MoneySavingExpert and Yahoo Finance also performed extremely well. Robust perimeter protection is necessary to protect against intellectual property (IP) theft and the systematic data mining of content.
- Despite having the highest number of standout performances, the sector's overall result was dragged down by some sub-par financial services.
⚠️ Threats & Weaknesses
- The weaker performances mostly showed exposure to automated traffic, with little to no checks on data mining and content theft.
- On many sites, no behavioural response to bot-generated input or repeated access attempts was detected. Although all sites had Web Application Firewalls (WAFs) deployed, our simulations were able to complete reconnaissance and interaction phases without challenge, highlighting the limitations of legacy, perimeter-centric defence strategies.
- On the worst-performing domains, automated bots were able to scan, map, and interact with authentication services without encountering rate limits, anomaly detection, or session validation controls. Infiltration rates reached up to 95% on some domains, confirming a near-total absence of active defensive interception.
🔓 Unlocking Results
VerifiedThreat assessments highlight which organisations:
- ✅ Have robust, resilient defences
- ⚠️ Are at risk of automation and bot-based exploitation
- 🚨 Face critical vulnerabilities if left unchecked
💡 Why This Matters
Understanding sector dynamics allows businesses to:
- Benchmark against industry peers
- Prioritise investment in external defence
- Strengthen customer trust by closing exposure gaps










