The State of Ransomware in Financial Services 2021

 Based on an independent survey of 550 IT decision makers, this report shares new insights into the current state of ransomware in the financial services sector. It provides a deep dive into the prevalence of ransomware in financial services, the impact of those attacks on victims, the cost of ransomware remediation, as well as how the sector stacks up in terms of its future expectations and readiness against these attacks.

About the survey

Sophos commissioned a global survey of 5,400 IT managers across 30 countries by the independent research house Vanson Bourne. Respondents came from a wide range of sectors, including 550 respondents from the financial services sector. The survey was conducted in January and February of 2021.

Key findings in financial services

• 34% of financial services organizations were hit by ransomware in the last year
• 51% of organizations hit by ransomware said the cybercriminals succeeded in encrypting their data in the most significant attack
• 25% of those whose data was encrypted paid the ransom to get their data back in the most significant ransomware attack
• 62% of those whose data was encrypted used backups to restore data
• 63% of data was restored, on average, after paying the ransom, leaving over one third inaccessible
• 91% of financial services organizations have a malware incident recovery plan
• The average bill for rectifying a ransomware attack in the financial services sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was US$2.10 million

Ransomware is very much a reality for the financial services industry. Approximately a third (34%) of organizations were hit by ransomware in the last year; while this is lower than the global average of 37%, it’s still a major concern.

A quarter (25%) of financial services organizations whose data was encrypted paid the ransom to get their data back; again, this is lower than the cross-sector average of 32%, and likely a result of the sector’s above average ability to restore data from backups. It appears that financial services are reaping the benefits of having Business Continuity and Disaster Recovery (BC-DR) plans which prepare them for situations like a ransomware attack. Given that organizations that paid the ransom got back just 63% of their data on average, financial institutions are wise to focus on backups as their primary recovery method.