Report: Financial Services Organisations Hit by Ransomware Spend over $2m in Recovery Costs
Emma Okonji
Sophos, a global leader in next-generation cybersecurity, has revealed how mid-sized financial services organisations worldwide spent more than $2 million on average recovering from a ransomware attack.
It stated this in the findings of its latest survey report, titled “The State of Ransomware in Financial Services 2021.”
This figure exceeds the global average of $1.85 million, even though the results also show the financial sector is among the most resilient against ransomware.
According to the report, nearly two-thirds, about 62 per cent, of victims surveyed in the technology sector were able to restore their encrypted data from backups. The survey studied the extent and impact of ransomware attacks during 2020.
The report found that 34 per cent of the financial services organisations surveyed were hit by ransomware in 2020, while 51 per cent of the organisations impacted said the attackers succeeded in encrypting their data.
The findings further showed that only 25 per cent paid the ransom demanded to get their encrypted data back. This is the second-lowest payment rate of all industries surveyed.
“Financial services were among the most highly regulated industries in the world. Organisations must adhere to myriad regulations, including SOX, GDPR, and PCI DSS, which include pricey penalties for non-compliance and data breaches. Many of these organisations are also required to prepare business continuity and disaster recovery plans to minimize any potential damage from data breaches or operational disruptions stemming from a cyberattack,” the report further said.
Analysing the report, Senior Security Advisor at Sophos, John Shier, said: “Strict guidelines in the financial services sector encourage strong defenses. Unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organizations. If you add up the price of regulatory fines, rebuilding IT systems and stabilising brand reputation, especially if customer data is lost, you can see why the survey found that recovery costs for mid-sized financial services organisations hit by ransomware in 2020 were in excess of $2 million.
“Two other slightly worrying data points are the fact that a small, but significant, 8 per cent of financial services organisations experienced what are known as ‘extortion’ attacks, where data is not encrypted, but stolen and victims are threatened with the online publication of their data unless they pay the ransom.
Backups cannot protect against this risk, so financial services organisations should not rely on them as an anti-extortion defense. Further, 11 per cent of the financial organisations surveyed believe they won’t get hit because they are ‘not a target.’ This is a dangerous perception because anyone can be a target. The best approach is to assume you will be a target and to build your defenses accordingly.”
According to the report, “Of the financial services organizations that believe they’ll be hit by ransomware in the future, 47 per cent said this is because attacks are now so sophisticated they have become harder to stop. About 45 per cent feel they’ll become a target because other organisations in their industry have already been targeted with ransomware, while 40 per cent believe that since ransomware is so prevalent, it is inevitable they’ll get hit by the cybercrime.”
“The financial sector has too much at stake to not set up an in-depth defensive plan to protect, detect and block cyberattackers,” Shier said, adding that while they should continue to invest in backups and their disaster recovery efforts to minimise the impact of an attack, they should also look to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralise today’s advanced human-led cyberattacks.
The State of Ransomware in Financial Services 2021 survey polled 5,400 IT decision makers, including 550 in financial services organisations, in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.







