State of Application Security – Banking and Financial Services – H1 2025

Overview:

Cyberattacks against Banking and Financial Services (BFS) applications surged in the first half of 2025, with attackers moving beyond primary portals to exploit customer service pages, UAT environments, and third-party integrations. Fueled by AI-driven tactics, attackers increasingly targeted vulnerabilities and APIs, making BFS one of the most at-risk sectors.

The State of Application Security – BFS H1 2025 report, analyzing 600+ global BFS sites, reveals how attackers are fine-tuning payloads to bypass standard defenses and shifting towards internal-facing assets to disrupt operations and extort organizations.

Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform, which integrates a web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.


Key Takeaways:

  • 742M+ attacks recorded across BFS applications
  • 1.2M attacks per BFS site, up 51% compared to H1 2024
  • 77% of all attacks aimed at exploiting vulnerabilities
  • 95% of BFS sites faced bot attacks abusing logins and transactions
  • API attacks grew by 60% compared to last year
  • 518% increase in DDoS attacks on APIs, far outpacing website-focused DDoS
  • DDoS attacks on websites spiked 172% during geopolitical events, underscoring rising extortion risks