How Has Ransomware Affected Financial Services in 2022?

Sophos has released its annual report on the state of ransomware in the financial services industry for 2022, which draws feedback from 444 IT professionals across 31 countries in the financial services sector (source). 

Sensitive financial information and money – what more could a cybercriminal ask for? In this blog, we’ll dig into ransomware stats for 2022 and see how the financial services sector compared with other industries.

How Were Financial Services Affected by Ransomware in 2022? 

The report goes over the percentage of organizations  hit by ransomware, how often data is encrypted, how much encrypted data is recovered after paying the ransom, the average remediation cost, and how often cyber insurance pays the ransom. 

First, let’s review some statistics from the last 12 months:

• 55% of financial services organizations were hit by ransomware in 2021, up from 34% in 2020.
• Surprisingly, financial services were one of the lowest-hit sectors (55%)
• In addition to having one of the lowest rates of ransomware attacks, financial services organizations also reported the second-lowest rate of data encryption (54%).
• Within the financial services sector, 55% of respondents reported an increase in attack volume, 64% reported an increase in attack complexity, and 55% reported an increase in the impact of attacks.
• Financial services experienced an above-average increase in the complexity of attacks (64% vs. 59%). This statistic tells us that the sector’s strong ability to prevent and stop attacks may have led cybercriminals to increase the sophistication of their attack strategies as they adapt to remain successful.   

What We Can Learn from the Sophos Report 

1. Financial services companies are prioritizing IT. The high success rate in stopping data encryption is likely a result of strong layered defenses. 
2. A lower attack rate (compared to other industries) can be tied to the financial sector taking cybersecurity seriously, especially when their cybersecurity insurance company requires it. Because of the “money” nature of the financial services sector, cyber insurance companies often require a high cyber defense package as a condition of their coverage. Based on the Sophos report, this insurance company requirement protects financial services companies as a result  of coverage requirements.
3. Attacks are becoming more frequent and more complex across all industries. Despite a slight glimmer of hope among financial services – primarily driven by increased security measures due to cyber insurance requirements– cybercriminals are alive and well. No industry is safe, with attacks becoming more complex and criminals savvier in their methods. 

IT Support for Financial Services Companies

With a history of working with the financial services sector, PK Tech is experienced in the unique security challenges presented by the industry. As your IT security team, we stay on the cutting edge of regulatory changes and implementation tools that will help your business run as safely and efficiently as possible. You can check out more of our financial services resources or schedule a call with one of our IT pros here.