State of Application Security – Banking and Financial Services – H1 2025
Overview:
Cyberattacks against Banking and Financial Services (BFS) applications surged in the first half of 2025, with attackers moving beyond primary portals to exploit customer service pages, UAT environments, and third-party integrations. Fueled by AI-driven tactics, attackers increasingly targeted vulnerabilities and APIs, making BFS one of the most at-risk sectors.
The State of Application Security – BFS H1 2025 report, analyzing 600+ global BFS sites, reveals how attackers are fine-tuning payloads to bypass standard defenses and shifting towards internal-facing assets to disrupt operations and extort organizations.
Key Takeaways:
- 742M+ attacks recorded across BFS applications
- 1.2M attacks per BFS site, up 51% compared to H1 2024
- 77% of all attacks aimed at exploiting vulnerabilities
- 95% of BFS sites faced bot attacks abusing logins and transactions
- API attacks grew by 60% compared to last year
- 518% increase in DDoS attacks on APIs, far outpacing website-focused DDoS
- DDoS attacks on websites spiked 172% during geopolitical events, underscoring rising extortion risks