Ransomware costing financial firms $3.61m per breach

Mid-size financial services businesses in Asia–Pacific and Japan spent an average of over US$2.62 million ($3.61 million) recovering from a ransomware attack, new research suggests.

Sophos’ State of Ransomware in Financial Services 2021 report found that 35% of financial services organisations in the region were hit by ransomware during 2020.

Of the impacted organisations, 69% reported that the attackers succeeded in encrypting their data and holding it hostage.

Recovery costs from a successful attack include regulatory fines, rebuilding IT systems and stabilising brand reputation, the report found.

Meanwhile 54% of the financial services organisations that believe they’ll be hit by ransomware in the future said that ransomware attacks have become more sophisticated and harder to stop.

More than a third (35%) feel they will become a target because other organisations in their industry have already been targeted with ransomware, and 51% believe that it’s inevitable they will be impacted because ransomware is now so prevalent.

Sophos senior security adviser John Shier said the worrying findings show that it is essential for financial services organisations to act to reduce their threat surface.

“Strict guidelines in the financial services sector encourage strong defences. Unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organisations,” he said.

“The financial sector has too much at stake to not set up an in-depth defensive plan to protect, detect and block cyberattackers. While they should continue to invest in backups and their disaster recovery efforts to minimise the impact of an attack, they should also look to extend their anti-ransomware defences by combining technology with human-led threat hunting to neutralise today’s advanced human-led cyberattacks.”

Image credit: ©stock.adobe.com/au/zephyr_p