In the latest annual Sophos study, 592 IT and cybersecurity leaders in the financial services sector shared their experiences with ransomware attacks over the past year.
The study revealed that 65% of financial services organizations were targeted by ransomware in 2024, consistent with the rate reported in 2023 but higher than in previous years. Of those organizations, 90% reported attempts by cybercriminals to compromise their backups during attacks, with nearly half of those attempts succeeding. However, the financial services sector had one of the lowest rates of backup compromises compared to other industries.
Only 49% of ransomware attacks on financial services organizations resulted in data encryption, a significant decrease from the previous year. This sector also reported the lowest data encryption rate across all industries and the highest success rate in preventing attacks before data could be encrypted. Despite these successes, the mean cost for financial services organizations to recover from a ransomware attack increased to $2.58M in 2024, up from $2.23M in 2023.
On average, 43% of computers in financial services organizations were impacted by ransomware attacks, slightly below the cross-sector average of 49%. The study found that only 4% of organizations had their entire environment encrypted, highlighting the rarity of such comprehensive attacks.
One notable trend identified in the study was the increasing propensity of financial services organizations to pay the ransom to retrieve encrypted data. In 2024, 51% of organizations opted to pay the ransom, compared to 62% who restored data using backups. This marks a narrowing gap between the use of backups and ransom payments over the past year.
Among the financial services victims who paid the ransom, the average payment increased significantly, from $109,000 to $2M. Only 18% of organizations paid the initial ransom demand in full, with the majority negotiating lower payments with cybercriminals. On average, organizations paid 75% of the initial ransom demanded by attackers.
The study also noted a shift towards using multiple methods to recover encrypted data, such as combining ransom payments with backup restoration. This strategy was adopted by 37% of financial services organizations in 2024, more than double the rate reported in the previous year.
Overall, the Sophos study provides valuable insights into the evolving threat landscape faced by financial services organizations in their battle against ransomware attacks. With cybercriminals becoming increasingly sophisticated, it is essential for organizations to strengthen their cybersecurity defenses and adopt a proactive approach to mitigate these risks.
The report, based on a survey of IT and cybersecurity leaders in the financial services sector, offers a comprehensive analysis of the challenges and trends related to ransomware attacks in today’s digital world. Download the full report for a deeper understanding of ransomware payments, attack rates, and recovery strategies in the financial services industry.

