More than 1.7 million euros in recovery costs: when ransomware hits a financial service provider. The international Sophos ransomware study shows that financial service providers are hit particularly hard by ransomware in monetary terms, but at the same time prove more resilient because they rely on backups.
Financial service providers around the world have to spend an average of 1.72 million euros to get back to work after a ransomware attack. This is what Sophos determined in its analysis "The State of Ransomware in Financial Services 2021". The global mean across all industries is somewhat lower, at 1.59 million euros. At the same time, the study shows that the financial sector is comparatively resilient to ransomware attacks: 62 percent of the companies attacked in 2020 worldwide were able to restore their encrypted data from backups. In the DACH region, however, only 47 percent of the companies surveyed managed this.
DACH region particularly badly affected
An overview of some of the results of the study:
- Ransomware hit 34 percent of the international financial service providers surveyed in 2020, and 46 percent of those in the DACH region.
- While 51 percent of the affected companies surveyed stated that the attackers were able to encrypt their data, this figure was significantly higher in DACH, at 61 percent.
- 25 percent internationally (and 29 percent in the DACH region) paid the demanded ransom to get their data back. This is the second-lowest payment rate of all industries; worldwide and across all industries, around 32 percent of companies pay a ransom.
- 47 percent of all financial service providers surveyed consider themselves at risk of falling victim to ransomware because the attacks have become so sophisticated and difficult to stop. In the DACH region, 58 percent of financial service providers expect this scenario.
- 58 percent of the DACH financial service providers surveyed believe they will be targeted in the future because other companies in their sector have already been hit by ransomware. Internationally, 45 percent of companies share this concern.
"Strict guidelines in the financial sector require strong defensive measures. Unfortunately, they also make a ransomware attack likely to be very costly for the organizations involved. If you add up the costs of regulatory fines, rebuilding the IT system and stabilizing the market reputation, especially if customer data is lost, this explains the 1.7 million euros in the Sophos investigation," says John Shier, Senior Security Advisor at Sophos.
Financial service providers are usually well positioned
Financial service providers are among the most regulated industries in the world. They are subject to a large number of regulations that impose severe penalties for non-compliance and data breaches. In addition, many of them are required to maintain business-continuity and disaster-recovery plans in order to minimize the damage that a cyberattack could cause.
While internationally many organizations conscientiously make backups, the DACH region relies comparatively more on technology solutions. 66 percent internationally and 71 percent in DACH state that they have IT-security-trained personnel; 59 percent worldwide and 79 percent in the DACH region use anti-ransomware technologies. 71 percent of the companies surveyed in the DACH region have cyber insurance, compared with 41 percent worldwide.
Two factors of concern
The fact that a small but significant share of eight percent of financial service providers has already had experience with "extortion-only ransomware" is a cause for concern, according to Shier. In these attacks the data is not encrypted but stolen. "And the victims are threatened with online publication if they refuse to pay. The well-maintained backups that are popular with companies in the financial sector offer no protection against this threat."
Another reason for concern among the Sophos experts is the fact that 11 percent of those surveyed (DACH: 36 percent) were of the opinion that they could not become a victim of ransomware at all because they were "not a target".
DACH: 36 percent believe they are not a target
"A more than dangerous assumption," says John Shier; anyone can be the target of a ransomware attack. "The best approach is to assume from the outset that cyber criminals will target you at some point, and to implement appropriate defenses, because in the financial sector there is simply too much at stake to face cyberattacks without defense mechanisms. While companies should therefore stay on the ball with backups and recovery plans, it is also important to expand their anti-ransomware defenses at the same time, ideally by combining technology with human-led threat hunting."
The study "The State of Ransomware in Financial Services 2021" is available online as a white paper (PDF).
More at Sophos.com
About Sophos: More than 100 million users in 150 countries trust Sophos. We offer protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage, and offer a low total cost of ownership. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web, supported by SophosLabs, our worldwide network of in-house analysis centers. Sophos is headquartered in Boston, USA and Oxford, UK.