Key facts
- Direct ransomware attacks on financial institutions increased 76% year-over-year in Q1 2026.
- 50% of financial vendor ecosystems contain critical vulnerabilities.
- The findings highlight a two-front cyber threat for the financial services sector.
Black Kite, a leader in third-party cyber risk management, has released its 2026 State of Financial Services Report. The report indicates a significant surge in cyber threats targeting the financial sector. In the first quarter of 2026, direct ransomware attacks on financial institutions saw a substantial increase of 76% compared to the same period in the previous year. Compounding this threat, the report also revealed that half of all financial vendor ecosystems are currently carrying critical vulnerabilities. This dual challenge of increased direct attacks and widespread vulnerabilities within the supply chain presents a complex and elevated cyber risk landscape for financial services firms.