Banks Under Pressure: Security Gaps Due to Untested Exposure
A recent investigation by Sprocket Security highlights the risks that banks face due to untested security vulnerabilities. The study shows that a two-week penetration test typically leaves about 345 days of real exposure unvalidated. This untested timeframe can present a significant attack surface for cybercriminals, as threats and attack methods are constantly evolving. The investigation emphasizes that traditional security review methods are no longer sufficient to address the dynamic threats in the digital space. The attack surfaces of banks are continuously changing, necessitating regular and ongoing reviews of security measures.
The researchers stress that continuous testing is crucial for identifying and closing security gaps in time. A key finding of the study is that many banks rely on one-time tests that do not cover the full range of potential vulnerabilities, so many security gaps remain undetected for extended periods. The researchers advocate a shift to a model that includes regular testing and reviews to ensure the security of systems.
The study notes that cyberattacks on banks have increased in recent years. According to the Cybersecurity & Infrastructure Security Agency (CISA), there was a 30% increase in reported incidents in the financial sector in 2025. This rise underscores the urgency of rethinking and adapting security strategies.
Another aspect of the investigation is the need for better training of bank employees. Human error is often the cause of security incidents. The researchers recommend regular training and awareness programs for employees to improve their understanding of cyber threats and their responsiveness.
The study by Sprocket Security also shows that many banks lack the necessary resources to conduct continuous testing. This leads to a reliance on external service providers who may not always consider the specific needs of the banks. Close collaboration between internal IT teams and external security providers is deemed necessary to develop tailored solutions.
The researchers emphasize that implementing continuous testing not only increases security but also strengthens customer trust in the bank. A transparent approach to security issues can help improve the banks' image and foster customer loyalty. Banks that proactively invest in their security infrastructure can gain a competitive advantage.
In conclusion, the study points out that regulatory requirements for banks regarding cybersecurity are increasing. Regulators increasingly demand evidence of security measures and their effectiveness. Banks must prepare to regularly submit reports on their security practices in order to meet legal requirements. The study by Sprocket Security was published on June 1, 2026, and provides comprehensive insights into the challenges banks face in the field of cybersecurity.