Financial sector pays record sums in ransomware attacks


The share of companies in the financial sector hit by ransomware each year keeps growing: it was 34 percent in 2021, rose to 55 percent in 2022, and stands at 64 percent in the 2023 report. There is no end in sight, according to the study “The State of Ransomware 2023”.

Unauthorized entry into the systems usually occurs through exploited vulnerabilities (40 percent). Compromised credentials, on the other hand, are responsible for only 23 percent of attacks, one of the lowest rates in the financial sector. Here, awareness training among the workforce, or stricter internal security measures, may have led to greater security awareness.

Encrypting data is now also a regular part of a ransomware attack. Last year, 54 percent were affected in the financial sector (65 percent worldwide), and in 2023 it is 81 percent (76 percent worldwide), the highest rate in the last three years. In every fourth case of encryption, data was also stolen.

Cyber insurance influences the course of the attack

The study “The State of Ransomware 2023” shows that the financial industry pays a lot of ransom money in ransomware attacks (Image: Sophos).

In addition to companies' own efforts to prevent and limit damage, cyber insurance also has an increasing influence on the course of ransomware attacks: in the 2022 ransomware study, 83 percent of companies in the financial sector had taken out cyber insurance. The 2023 analysis now shows that those who have an individual policy can restore 99 percent of their encrypted data; for companies that have partial cyber protection as part of an existing insurance policy, this value is 97 percent. For comparison: without insurance, significantly fewer of those affected managed this, at 89 percent.

Financial sector is super payer

The payment rate also increases with the insurance coverage: 59 percent of financial companies with individual cyber policies paid the demanded ransom, while 24 percent of companies with general insurance policies did so. Only 11 percent of service providers without insurance were willing to fill the cybercriminals' coffers.

The number of financial companies that paid higher ransoms also increased dramatically: while only 1 percent reported having transferred $5 million or more in 2021, this rose to 39 percent in 2022. On the other hand, the number of companies paying less than $100,000 remained the same at around 40 percent in 2022 and 2023.

And another superlative is evident in this year's ransomware study for the financial sector: with average recovery costs of $2.23 million compared to the industry average of $1.82 million, the financial sector is at the very top worldwide. This result is probably due to the high growth rate of encrypted data and the resulting greater challenge of stopping attacks before data is encrypted.

Backups as a strategy for ransomware attacks

Many companies have now recognized that paying a ransom is increasingly questionable: while the number of payments in the financial sector almost doubled from 25 percent (2021) to 52 percent in 2022, it fell slightly to 43 percent in 2023. This is possibly also a result of the (proven) finding that not all data can be recovered by paying, and of companies using backups to make themselves independent of blackmailers. In 2023, 69 percent (2022: 66 percent) relied on backups for data recovery (70 percent worldwide). Backups also reduce the recovery costs: on average these are 1.58 million US dollars, but those who paid the ransom had to pay a total of around 4.05 million US dollars, a good 2.5 times as much.

And there's another plus point in favor of backups: financial companies that rely on backups recovered more quickly from an attack than those that paid ransoms.

Of the companies attacked, 10 percent were back up and running after less than a day with backups and 7 percent with a ransom payment. Looking at a period of one month by comparison, 21 percent of the companies that had relied on a backup and 35 percent of those that paid a ransom had things running smoothly again.

About the Study

“The State of Ransomware in Financial Services 2023” is part of the cross-industry and cross-sector Sophos study “The State of Ransomware 2023”, in which 3,000 IT professionals in medium-sized organizations (100-5,000 employees) in 14 countries were surveyed in early 2023 about their experiences over the past year.



About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.


 
