The Dun & Bradstreet Financial Services & Insurance Pulse Survey 2025—built on responses from more than 2,000 senior professionals across five markets (U.S., U.K., Sweden, Germany, Switzerland)—reveals a sector racing to modernize but hamstrung by legacy systems, fragmented data, and intensifying cyber rise.
It's a familiar paradox for CISOs: record spending on innovation, yet growing unease that resilience isn't keeping pace.
Cybersecurity sits at the very top of industry concern, with 79% of financial services and insurance (FS&I) leaders listing it as their greatest vulnerability, followed closely by fraud at 78%.
Dun & Bradstreet's analysts note in the findings that "traditional defenses are becoming antiquated," with 70% of firms saying they feel more vulnerable than 18 months ago.
Regional patterns amplify the story:
U.S. firms show the highest anxiety, with 85% citing cyber risk as a top threat.
Insurers emerge as the most risk-aware cohort, exceeding 80% concern in cybersecurity, fraud, and compliance.
Cyber risk now extends far beyond direct breaches—into data-driven financial crime, regulatory exposure, and algorithmic manipulation as AI takes root in core systems.
Nearly 69% of organizations have increased investment in cybersecurity solutions, yet 38% admit they remain unprepared to handle them effectively.
Budget limitations (31%), regulatory friction (30%), and the difficulty of quantifying risk (29%) all slow progress.
This gap between ambition and execution mirrors what many security leaders face: the transition from reactive compliance spending to data-driven, predictive resilience.
If any finding should alarm cybersecurity leaders, it's this: 91% of FS&I firms have suffered negative consequences from poor third-party risk management, at an average cost of $706,000 per incident—nearly $1.5 million in Germany.
Consequences include:
Financial loss (41%)
Security breaches (35%)
Lost opportunities (35%)
Reputational damage (33%)
As D&B's Dirk Radetzki warns, "Third-party risk is the adversary of operational resilience. Firms must move to continuous monitoring and real-time vendor scoring."
For cyber teams, this translates into integrating supplier telemetry, API-driven threat feeds, and shared risk exchanges directly into governance workflows.
Nearly two-thirds (64%) of respondents say they cannot make informed decisions with existing data, and 73% cannot effectively assess non-financial risks.
Data silos, duplicates, and manual processes persist:
59% report duplicate records.
52% cite siloed datasets.
55% say they simply "don't trust their own data."
The fallout is costly: more than half (52%) of firms have experienced failed AI projects tied to poor data quality.
For cybersecurity functions, that means threat analytics, compliance automation, and AI-driven anomaly detection all operate on shaky foundations. As D&B's Sara de la Torre notes, "Data governance is no longer optional."
Looking toward 2026, internal use of AI (39%) and digital transformation (36%) top the sector's strategic agenda. But those same executives name cyber risk (53%) and poor data quality (44%) as their biggest obstacles.
It's a classic build-on-sand dilemma: enterprises eager to scale machine intelligence without shoring up data integrity, access control, or model oversight.
The survey shows more than 60% of firms now acknowledge they'll need external data and new technology partnerships to close these gaps—an open invitation for cybersecurity providers specializing in AI risk management, identity governance, and secure data-sharing architectures.
D&B includes case studies that double as playbooks for CISOs:
A global bank cut silos by linking third-party data to the D-U-N-S Number, adding ESG and cyber-risk scores to create a unified vendor map—boosting accuracy and saving costs.
A global insurer automated onboarding and sanctions checks via API integration, saving 684 hours of manual risk assessments and simplifying compliance reporting.
For cybersecurity teams, these examples validate the payoff of data enrichment, automation, and API-level integration in threat and vendor-risk programs.
And, of course, there are implications for cybersecurity leaders:
Data is the new defense surface: Poor data hygiene can undermine every layer of cyber strategy—from risk scoring to model governance.
Modernize third-party oversight: Adopt real-time vendor monitoring, shared risk exchanges, and external intelligence feeds.
Align AI innovation with control frameworks: Treat AI deployment as a regulated risk activity, not an R&D experiment.
Automate with intent: Manual processes in onboarding and risk assessment breed errors and delay.
Invest in culture and collaboration: D&B urges FS&I leaders to embed risk awareness at the board level and foster cross-functional teams that bridge IT, compliance, and business resilience.
The Pulse Survey 2025 captures an industry at a turning point as AI optimism collides with data reality. For cybersecurity professionals, the mandate is clear: build risk intelligence on a trusted data foundation, strengthen third-party visibility, and ensure every algorithm, dashboard, and decision engine inherits that trust.
In the words of D&B's Malin Höök, "The firms that will lead the next wave of transformation are those that pair innovation with governance."