State of ransomware in financial services

Ransomware is a scourge suffered by organizations across the industry spectrum, but financial services continues to be particularly hard hit, according to the latest Sophos report on The State of Ransomware in Financial Services.

Ransomware is nothing new to financial industry cybersecurity professionals, who have seen these attacks wreak havoc on institutions big and small for more than half a dozen years. And in recent months, ransomware attacks have stepped up, putting them front and center for the industry.

Indeed, financial IT security professionals and researchers alike have pointed out how ransomware attacks are not only becoming more pervasive, but more sophisticated — creating a wave of new threats that even the most security-conscious banks and investment firms are hard-pressed to stop.

Rise in ransomware attacks against financial services

In 2021, more than half (55%) of financial service firms were victims of at least one ransomware attack, up from 34% the previous year, representing a 62% rise in these threats in just one year, according to Sophos’ report. The study was derived from research Sophos commissioned with Vanson Bourne, which surveyed 5,600 IT professionals, including 444 from financial services in the first two months of 2022.

Among the report’s key findings:

  • Ransomware attacks on financial services increased – 55% of organizations were hit in 2021, up from 34% in 2020.
  • The increased attack rate is part of a cross-sector, global trend. Even though the attack rates are higher in 2021, financial services reported the lowest attack rates of all sectors.
  • Financial services reported the second-lowest rate of data encryption at 54%. The global average was 65%, for comparison.
  • 52% of financial services organizations paid the ransom to restore data, which is higher than the global average of 46%.
  • The amount of data restored by financial services has remained constant at 63% across 2020 and 2021; the global average is 61%. However, the percentage of financial services organizations that got ALL their encrypted data back went up from 4% in 2020 to 10% in 2021. For comparison, the global average in 2021 was just 4%.
  • The rate of ransom payment by the financial services sectors more than doubled: up from 25% in 2020 to 52% in 2021. The global average in 2021 was 46%.
  • The average remediation cost in financial services was US$1.59M, which is above the global average of US$1.4M.
  • 83% of financial services organizations reported having cyber insurance coverage against ransomware, which is in line with the global average.
  • Cyber insurance is driving financial services to improve cyber defenses – 98% of financial services organizations have upgraded their cyber defenses to secure coverage.
  • Financial services has one of the lowest ransom payout rates by insurers: 32% compared to 40% across all sectors.

Invest now or pay later

In many ways, the Sophos findings are consistent with what CyberRisk Alliance Business Intelligence found during a ransomware survey earlier this year. In the survey of 300 IT and cybersecurity decision-makers and influencers, 43% of respondents suffered at least one ransomware attack during the past two years. Among them, 58% paid a ransom, 29% found their stolen data on the dark web, and 44% suffered financial losses.

Remote workers and cloud platforms/apps were the three most common attack vectors. Meanwhile, exploitable vulnerabilities accounted for the most common initial infection point (63%), followed by privilege escalation (33%), credential exfiltration (32%), and averse mapped shares (27%).

Companies are not taking the threat lying down: 62% said they will increase ransomware protection spending in the next two years.

A steep, uphill climb

The increasing rate of ransomware attacks in financial services demonstrates that adversaries have become considerably more capable of executing attacks at scale by successfully deploying the ransomware-as-a-service model.

Read the full report: The State of Ransomware in Financial Services 2022.

Bill Brenner

Bill Brenner is VP of Content Strategy at CyberRisk Alliance — an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology’s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.