Financial sector pays record sums in ransomware attacks

The number of annual ransomware attacks on companies in the financial sector is constantly growing: while it was 34 percent in 2021, the number rose to 55 percent in 2022 and is 64 percent in the 2023 report. There is no end in sight, according to the study “The State of Ransomware 2023”.

Unauthorized entry into the systems usually occurs through exploited vulnerabilities (40 percent). Compromised credentials, on the other hand, are only responsible for 23 percent of attacks - one of the lowest rates in the financial sector. Here, educational work among the workforce, or even stricter internal security measures, could have ensured greater security awareness.

Encrypting data is now also a regular part of a ransomware attack. Last year, 54 percent were affected in the financial sector (65 percent worldwide), and in 2023 it is 81 percent (76 percent worldwide) - the highest rate in the last three years. In every fourth case of encryption, data was also stolen.

Cyber insurance influences the course of the attack

The study “The State of Ransomware 2023” shows that the financial industry pays a lot of ransom money in ransomware attacks (Image: Sophos).

In addition to companies' own efforts to prevent and limit damage, cyber insurance also has an increasing influence on the course of ransomware attacks. In the 2022 ransomware study, 83 percent of companies in the financial sector had taken out cyber insurance. The 2023 analysis now shows that those who have a single policy can restore 99 percent of their encrypted data; for companies that have partial cyber protection as part of an existing insurance policy, this value is 97 percent. For comparison: without insurance, at 89 percent, significantly fewer of those affected achieved this.

Financial sector is super payer

The payment rate also increases with the insurance coverage: 59 percent of financial companies with individual cyber policies paid the demanded ransom, while 24 percent of companies with general insurance policies did so. Only 11 percent of service providers without insurance were willing to fill the cybercriminals' coffers.

The number of financial companies that paid higher ransoms also increased dramatically: while only 1 percent reported having transferred $5 million or more in 2021, this rose to 39 percent in 2022. On the other hand, the number of companies paying less than $100,000 remained the same at around 40 percent in 2022 and 2023.

Another superlative is evident in this year's ransomware study for the financial sector: with average recovery costs of $2.23 million compared to the industry average of $1.82 million, the financial sector is among the absolute front-runners worldwide. This result is probably due to the high growth rate of encrypted data and the resulting greater challenge of stopping attacks before data is encrypted.

Backups as a strategy for ransomware attacks

The increasingly questionable value of paying a ransom has now registered with many companies: while the number of payments in the financial sector almost doubled from 25 percent (2021) to 52 percent in 2022, it fell slightly to 43 percent in 2023. This is possibly also a result of the (proven) finding that not all data can be recovered by paying, and of companies using backups to make themselves independent of blackmailers. In 2023, 69 percent (2022: 66 percent) relied on backups for data recovery (70 percent worldwide). Backups also reduce recovery costs: on average these are 1.58 million US dollars, whereas those who paid the ransom had to pay a total of around 4.05 million US dollars, a good 2.5 times as much.

And there's another plus point in favor of backups: financial companies that rely on backups recovered more quickly from an attack than those that paid ransoms.

Of the companies attacked, 10 percent were back up and running after less than a day with backups and 7 percent with a ransom payment. If you look at the period of one month in comparison, 21 percent of the companies that had relied on a backup, and 35 percent of those that had paid a ransom, had things running smoothly again.

About the Study

“The State of Ransomware in Financial Services 2023” is part of the cross-industry and cross-sector Sophos study “The State of Ransomware 2023”, in which 3,000 IT professionals in medium-sized organizations (100-5,000 employees) in 14 countries were surveyed in early 2023 about their experiences over the past year.

About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.

