Financial institutions, like other organizations, struggle to implement application security (AppSec) tools and processes that can scale and keep pace with relentless demand. The complexities of managing and maintaining open source, and the adoption of cloud-native architectures and their associated microservices, all increase the degree of difficulty. Further, supply chain intricacies make it difficult to get a complete picture of an organization's risk profile.

It's no surprise then that AppSec continues to be a complex challenge for financial services organizations adopting modern development practices. A key difference for the financial services industry (FSI), however, is the high stakes involved. In 2019, the global financial services market was valued at $22 trillion.¹ During the first year of the COVID-19 pandemic, over 70% of financial services firms experienced a successful cyber attack.²

Despite the high stakes and the challenges of securing software—or maybe because of them—many myths and misconceptions abound in the FSI. Using research data from the "Building Security In Maturity Model" (BSIMM) report and other sources, this eBook debunks and explains several AppSec myths prevalent among financial institutions.

1 Bowcut, Steven, "Cybersecurity in the financial services industry," Cybersecurity Guide, Feb. 25, 2021.

2 Muncaster, Phil, "Most financial services have suffered COVID-linked cyber attacks," Infosecurity Magazine, Jan. 19, 2021.
