Financial services organisations hit by ransomware face more than $2 million in recovery costs. According to IT security firm Sophos’ new survey report, titled “The State of Ransomware in Financial Services 2021,” this figure exceeds the global average of $1.85 million, even though the results also show the financial sector is among the most resilient against ransomware.

Nearly two-thirds (62%) of victims surveyed in this sector were able to restore their encrypted data from backups. The survey studied the extent and impact of ransomware attacks during 2020, polling 5,400 IT decision makers, including 550 in financial services organisations, in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

Financial services is among the most highly regulated industries in the world. Organisations must adhere to myriad regulations, including SOX, GDPR, and PCI DSS, that include pricey penalties for non-compliance and data breaches. “Strict guidelines in the financial services sector encourage strong defenses,” said John Shier, senior security advisor, Sophos. “Unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organisations.

“If you add up the price of regulatory fines, rebuilding IT systems and stabilising brand reputation, especially if customer data is lost, you can see why the survey found that recovery costs for mid-sized financial services organisations hit by ransomware in 2020 were in excess of $2 million.”