Recovering from a ransomware attack costs financial services $2 million

Sheets of one dollar bills run through the printing press at the Bureau of Engraving and Printing on March 24, 2015, in Washington. It costs financial services firms $2.1 million on average to recover from a ransomware attack, according to a new Sophos report. (Photo by Mark Wilson/Getty Images)

Ransomware has become a new cost of doing business for many organizations, and the financial services sector is not immune.

A new report by Sophos showed financial services organizations paid about $2.1 million on average to recover from a ransomware attack, about a quarter of a million dollars more than the global average of $1.85 million.

For its State of Ransomware in Financial Services 2021 report, Sophos commissioned an independent researcher to survey 5,400 IT managers across 30 countries, including 550 respondents from the financial services sector. The survey was conducted in January and February 2021.

Of the 34% of financial services organizations that said they were hit by ransomware, more than half (51%) said the attackers succeeded in encrypting their data.

But preparation paid off for the financial sector as it fared better than other verticals in getting at least some of its data back. More than 9 in 10 respondents, 91%, said they had business continuity and disaster recovery plans. Of those that had data encrypted in an attack, 62% said they used backups to restore their data. However, those who paid a ransom — a quarter of respondents — got back just 63% of their data on average.

The report attributed the higher recovery cost for financial services, compared with other sectors, to factors including the need to keep operations running and the high cost of data breach notifications in the financial sector.

“Strict guidelines in the financial services sector encourage strong defenses. Unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organizations,” John Shier, Sophos senior security advisor, said in a statement. “If you add up the price of regulatory fines, rebuilding IT systems and stabilizing brand reputation, especially if customer data is lost, you can see why the survey found that recovery costs for mid-sized financial services organizations hit by ransomware in 2020 were in excess of $2 million.”

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
