ImmuniWeb, a cybersecurity company that does application security testing and compliance probing, has reached an alarming conclusion. As it turns out, as many as 97% of the world’s top financial institutions are vulnerable to cyberattacks.
In fact, the only banks that passed the company’s tests are as follows:
– Danske Bank (Denmark)
– Handelsbanken (Sweden)
– Credit Suisse (Switzerland)
According to ImmuniWeb, no instances of server misconfiguration were found on their respective websites. All of the other banks it tested received less-than-perfect scores.
Here’s the system they used for grading:
Grade A: received by 40 organisations. Indicates minuscule cybersecurity issues.
Grade B: received by 20 organisations. Indicates several minor cybersecurity flaws.
Grade C: received by 31 organisations. This is a reason for concern, as it indicates security vulnerabilities or other configuration flaws.
Grade F: received by 31 organisations. The grade means catastrophic failure, indicating that exploitable and publicly-known security vulnerabilities were discovered.
The websites were also graded on their SSL/TLS encryption security.
Grade A+: received by 25 organisations
Grade A: received by 54 organisations
Grade B: received by 7 organisations
Grade C: received by 1 organisation
Grade F: received by 13 organisations. This grade indicates that the website failed either because it had no encryption or because of the vulnerabilities discovered.
As you can see, the financial institutions received much better grades in this regard.
As for the GDPR compliance test of the main websites, only 39 of them passed it. As for the e-banking websites, only 17 of them received a passing grade.