The ransomware challenge for the financial services sector continues to grow. Attack rates are up over the last year, with cyber criminals succeeding in encrypting data in over half of attacks.
Sophos have released The State of Ransomware in Financial Services 2022 report, which offers fresh insights into ransomware attacks, costs, recovery, and ransom payouts affecting financial services organisations over the last year.
The report is based on an annual study of the real-world ransomware experiences of IT professionals, of whom 444 came from the financial services sector, working in mid-sized companies (100-5,000 employees) across 31 countries.
The study reveals an increasingly challenging attack environment, and the growing financial and operational burden ransomware is placing on financial services organisations. It also sheds light on the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defences.
Here are the key findings from the report:
• Ransomware attacks on financial services have increased – 55% of organisations were hit in 2021, up from 34% in 2020
• The increased attack rate is part of a cross-sector, global trend. Even though attack rates were higher in 2021, financial services reported the lowest attack rate of all sectors
• Financial services reported the second-lowest rate of data encryption at 54%. The global average was 65%, for comparison
• 52% of financial services organisations paid the ransom to restore data, which is higher than the global average of 46%
• The amount of data restored by financial services has remained constant at 63% across 2020 and 2021; the global average is 61%. However, the percentage of financial services organisations that got ALL their encrypted data back went up from 4% in 2020 to 10% in 2021. For comparison, the global average in 2021 was just 4%
• The rate of ransom payment by the financial services sector more than doubled: up from 25% in 2020 to 52% in 2021. The global average in 2021 was 46%
• The average remediation cost in financial services was US$1.59M, which is above the global average of US$1.4M
• 83% of financial services organisations reported having cyber insurance coverage against ransomware, which is in line with the global average
• Cyber insurance is driving financial services to improve cyber defences – 98% of financial services organisations have upgraded their cyber defences to secure coverage
• Financial services has one of the lowest ransom payout rates by insurers: 32% compared to 40% across all sectors
The increasing rate of ransomware attacks in financial services demonstrates that adversaries have become considerably more capable of executing attacks at scale by successfully deploying the ransomware-as-a-service model.
Most financial services organisations are choosing to reduce the financial risk associated with such attacks by taking out cyber insurance. For them, it’s reassuring to know that insurers pay some costs in almost all claims. However, the sector has one of the lowest ransom payout rates by insurers.
It’s getting harder for organisations, especially in the financial services sector, to secure coverage. This has driven almost all financial services organisations to make changes to their cyber defences to improve their cyber insurance positions.