CFOtech India - Technology news for CFOs & financial decision-makers
India

Guides

#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
health technologies

Search

Finance healthcare professionals collaborating cybersecurity digital shield lock
#
Cloud Security
#
Advanced Persistent Threat Protection
#
Risk & Compliance

Finance & healthcare sectors urged to upskill amid cyber gaps

Wed, 15th Oct 2025
Author image
By Shannon Williams, Journalist

Hack The Box's latest industry assessments have highlighted significant cyber skills gaps in the finance, healthcare, and managed security service sectors, raising questions about the effectiveness of compliance-based readiness approaches.

The assessments analysed performance data from more than 4,500 cybersecurity professionals on 795 security teams worldwide, with practical testing across 40 specific challenges. The resulting reports focus on three sectors-healthcare, finance, and Managed Security Service Providers (MSSPs)-and suggest that while detection capabilities are generally strong, prevention and offensive security skills lag behind.

Finance sector weaknesses

In the finance sector, teams recorded relatively strong scores in Forensics (54.6%), OSINT (71%) and Coding (51.4%), reflecting proficiency in investigation and detection tasks. However, notable skill deficiencies were found in Persistence (21.1%), Privilege Escalation (20.3%) and Collection (10.8%)-areas critical to identifying and disrupting advanced attacks early. The report further points to challenges with emerging vulnerabilities in blockchain and smart contract environments, indicating an increased need for sector-specific security skills beyond traditional compliance measures.

The report notes: "Financial institutions excel in threat visibility, yet lack the depth to neutralize threats effectively." It also highlights requirements for improved oversight: "SOC teams require enhanced oversight of detection progress and response metrics."

Healthcare sector vulnerabilities

Healthcare cybersecurity teams displayed solid Open Source Intelligence (OSINT) skills, with a 76.6% score, and showed early promise in AI detection (33.8%). However, scores dropped in Web Security (15.6%) and Secure Coding (16.7%), exposing a broader issue around basic cyber hygiene. These weaknesses leave sensitive patient systems vulnerable, particularly in the event of persistence and lateral movement by attackers post-breach, cited as high-risk exposure points in the report.

The report stresses: "Strong OSINT and detection capabilities, but prevention remains weak. AI readiness is promising but lacks secure deployment practices. Persistence and lateral movement are high-risk exposure points post-breach."

MSSP sector under review

Teams aligned with managed security service providers performed well in OSINT (64.5%), Forensics (62.8%), and Cloud Security (37.6%), demonstrating strong monitoring and incident response abilities on a broad scale. Despite this, the data suggested deficiencies in Secure Coding (18.7%), Web Security (21.1%), and ICS/OT (28.2%), hindered comprehensive protection for clients, particularly in specialised environments. The reports identify secure coding as an ongoing blind spot for MSSPs and highlight challenges in achieving domain-specific expertise necessary for sophisticated threat defence.

The report observes: "The breadth of monitoring is strong, but the depth in offensive security and threat emulation is lacking. AI is a force multiplier, but secure coding remains a blind spot. MSSPs are proficient generalists, yet struggle with domain-specific expertise."

Compliance and capability

The findings indicate that, although all three analysed sectors must adhere to high regulatory standards, technical capabilities may not align with compliance benchmarks. This situation leaves critical national infrastructure, financial assets, and sensitive patient data potentially exposed to evolving cyber threats that require skills beyond traditional check-box approaches.

Haris Pylarinos, Chief Executive Officer and founder of Hack The Box, addressed the importance of shifting away from compliance-centric readiness. He stated:

"Cyber threats evolve daily, yet many organizations still measure readiness through compliance alone. What the data shows is that resilience comes from capability. We need to rethink how we prepare our teams, not just how we audit them."

The Cyber Skills Benchmark 2025 Report proposes that organisations should focus on deeper and attacker-aligned training as well as Continuous Threat Exposure Management to achieve measurable resilience. By using real-world performance data and technical assessments, the reports offer a framework for identifying current strengths and areas for focused skill development in each sector.

Hack The Box's analysis suggests that organisations and providers must prioritise capability-based upskilling and adapt training programmes to address persistent gaps, or risk continued exposure to increasingly sophisticated cyber threats. The reports emphasise the need for greater investment in both foundational and advanced cyber skills to meet evolving industry challenges.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
AI adoption in process safety rising but impact on incidents lags
Ripple achieves USD $1B RLUSD milestone, major deals & USD $500M boost
Smartsheet unveils AI-driven upgrades to boost enterprise agility
Why the world needs hundreds of Palantirs
Private equity sponsors & CFOs clash over exit readiness levels

Top stories

Exclusive: Informatica's Krish Vitaldevara on AI’s next evolution
Business Software Alliance: AI could add USD $500 billion to India
The Circulate Initiative boosts leadership to tackle plastic waste
ECI launches AI Agent to streamline eCommerce operations & fraud detection
Fortinet reports strong Q3 revenue growth & SASE adoption surge