According to new Sophos research, global financial services organizations spent more than $2 million on average last year recovering from a ransomware attack.
To create its State of Ransomware in Financial Services 2021 study, the UK security provider polled 550 IT decision-makers in mid-sized financial sector organizations around the world.
It discovered that a third (34%) of organizations in the vertical were struck by ransomware in 2020, with half (51%) admitting that their attackers were able to encrypt data.
Although most (62 percent) were able to restore the encrypted data from backups, the recovery costs reported by victim organizations in the industry were significantly higher than the average across all verticals ($1.85m).
Also striking: only 25 percent of financial services victims paid the ransom demand, the second-lowest payment rate of all industries examined and below the global average of 32 percent.
To some extent, this reflects a highly regulated industry in which enterprises must comply with several regulations, such as PCI DSS, SOX, and GDPR.
"Strong defenses are encouraged by strict requirements in the financial services sector. This means that a direct ransomware attack is likely to be highly expensive for the targeted firm," said John Shier, senior security advisor at Sophos.
Regulatory fines, rebuilding IT systems, and repairing brand reputation, especially if client data is lost, all contribute to why the poll projected that recovery costs for mid-sized financial services businesses struck by ransomware in 2020 would exceed $2m.
Contrary to popular belief, double extortion attacks, which currently account for the majority of all ransomware incidents, affected only 8 percent of firms in the sector.
Fintech had the second-highest cost of a data breach in 2021 at $5.72m, according to IBM, even though it was down from the previous year.