Despite financial services companies' reputation for having among the highest levels of cybersecurity maturity, ransomware gangs still successfully target them in significant numbers.
Ransomware attacks on financial services are a significant concern. According to the Sophos report, The State of Ransomware in Financial Services 2024, the financial services sector faces a high successful attack rate, with 65% of organizations hit. Sophos says that’s higher than their survey’s global cross-sector average.
According to the survey, the median ransom demand in financial services is $2 million, and mean recovery costs are about $2.6 million, up from $2.2 million in the 2023 report. As is now commonplace, these ransomware attacks combined denying the victim organization access to its data files through encryption with the theft of the unencrypted data. Financial services companies also face strict regulatory controls, so any data breach can potentially lead to high fines.
An attack late last year on the Industrial & Commercial Bank of China's subsidiary ICBC Financial Services, allegedly by the LockBit ransomware gang, underscores the risk of widespread disruption from such attacks. That attack prompted the Financial Services ISAC (FS-ISAC) to urge members to ensure their cybersecurity defenses were in good shape.
According to reports from S.C. Magazine and CNN, potential system availability disruptions have made intelligence sharing “critical” during cyberattacks. Other finance executives noted that they have closely watched the ICBC Financial Services attack. “We’re taking a look at the response and the broader impact given ICBC’s size and role in the global financial sector,” warned a senior U.S. cybersecurity financial services official at the time.
Old attack vectors prove fruitful for ransomware criminals
The common attack vectors financial services companies face are familiar to security experts: compromised access credentials and maliciously designed emails. And 90% of the financial services firms surveyed said the ransomware attackers tried to compromise their system and data backups.
The ransomware attack rate within financial services appears to be trending higher. The 65% of financial services firms hit by ransomware is essentially unchanged from the 64% reported in the 2023 report, but notably higher than the 59% in other industries and the sector's 55% in 2022, 34% in 2021, and 48% in 2020. In 2024, 51% of financial services firms paid the ransom demand in order to recover their data, up from 43%.
Regarding recovery, 46% of the financial services firms victimized by ransomware took a week to recover; for 25% of those hit, recovery took more than a month.
What financial companies can do
The report concludes with several recommendations for financial services organizations:
- Focus on prevention through effective vulnerability management, multi-factor authentication, and user training.
- Strengthen protection with robust endpoint, email, and firewall technologies.
- Improve detection and response capabilities to stop attacks early.
- Develop and practice incident response plans.
- Regularly test data restoration from backups and ensure backups are adequately protected from attack.
Within the financial services organizations hit by ransomware, 43% of computers were impacted. That's lower than the average of 49% of computers affected across all industries. According to Sophos, only 4% of organizations studied had 91% or more of their devices impacted by the ransomware attack. Interestingly, small-scale successful ransomware attacks seem to be rare, with just 1% of organizations victimized by ransomware reporting that the attack impacted fewer than 1% of their devices. "Financial services had the third-lowest percentage of devices impacted by ransomware across all sectors, globally. IT, technology, and telecoms (33%) reported the lowest percentage, followed by retail at 40%," the report said.
Sophos found that, on average, the energy, oil/gas, and utilities sectors experienced broader ransomware attacks, with 62% of devices impacted, followed by healthcare at 58%.
Because financial services is one of the designated critical infrastructure sectors, disruptions to it can have a far-ranging impact on everyday life.
The Sophos report highlights the ongoing threat of ransomware to financial services organizations and emphasizes the importance of comprehensive cybersecurity measures to prevent, detect, and respond to these attacks.
The State of Ransomware in Financial Services 2024 report is based on an independent survey of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific, including 592 respondents from financial services organizations. All respondents represent organizations with between 100 and 5,000 employees, and the survey was conducted between January and February 2024. The responses reflect survey participant experiences in the previous year.