Site navigation

Financial Services Sector Hit with $2m Ransomware Costs

David Paul


financial services ransomware
IT security firm Sophos found that ransomware attacks have become “very much a reality” for the finance industry worldwide.

The financial services sector across the world is being hit with substantial costs after being affected by ransomware attacks.

Research by UK IT security firm Sophos revealed that the average bill after being hit by ransomware, considering a variety of different factors, was US$2.1 million (£1.5m).

The independent survey of 550 IT decision makers found that 34% of the financial services firms were victims of ransomware attacks last year, with more than half (51%) saying that hackers succeeded in stealing data.

According to Sophos, while the 34% is lower than the global average of 37%, it remains “a major concern” for the sector going forward.

In what is fast becoming the norm for firms hit by such attacks, 25% which had data encrypted paid the ransom to get their data back.

The main reason the financial services sector is a major target for ransomware is that they hold a large amount of sensitive data which is a highly sought after commodity for hackers.

Secondly, disruption to sector operations can “cause havoc” around the globe, putting pressure on firms to restore systems as soon as possible. This makes them more likely to pay the ransoms.

Commenting on the research John Shier, Sophos’s senior security advisor, said: “Strict guidelines in the financial services sector encourage strong defences. [But] unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organisations.

“If you add up the price of regulatory fines, rebuilding IT systems and stabilising brand reputation, especially if customer data is lost, you can see why the survey found that recovery costs for mid-sized financial services organisations hit by ransomware in 2020 were in excess of $2m,” he added.


Research into cybersecurity losses among businesses targeted in 2020 by Hiscox in June last year revealed a six-fold increase from a median $10,000 (£8,051) per firm to $57,000 (£45,892); numbers which have likely increased further into 2021.

The international study indicated a $1.2 billion rise in cyber losses to almost $1.8 billion, with the most heavily-targeted sectors being financial services, manufacturing and technology, media and telecoms (TMT).

However, despite the impact of ransomware, the financial services sector is also one of the most resilient industries when it comes to facing down ransomware hits and is significantly less likely to pay to recover their data.

Additionally, the financial services sector is the only one where every organisation whose data was encrypted were able to get it back, according to Sophos. The research showed that 25% paid the ransom, 62% used backups, and 13% used ‘other means’ to get their data back.

Javvad Malik, security awareness advocate at KnowBe4, said that, while ransom costs are high, it is sometime matched, or even dwarfed by the additional costs incurred by an affected organisation: “These costs include investigations, recovery, communications with customers, shareholders, partners, executives, the media, and also the cost of downtime amongst others.

“This is notwithstanding any long-term implications such as loss of customers, partner confidence, the implementation of additional controls, or raising of insurance premiums.”

Malik added that investing in preventative measures has now become essential: “This is exactly why focusing on preventing ransomware from infecting an organisation is worth the investment. One of the best ways to do this is to focus on the root causes of how ransomware actually gets into organisations.

“In the majority of cases, it will be phishing, weak credentials, or exploitation of unpatched software. If organisations focus on preventing these three to begin with, they can greatly reduce the risk of being hit by ransomware.”

David Paul

Staff Writer, DIGIT

Latest News

%d bloggers like this: