592 IT/cybersecurity leaders share their ransomware experiences from the last year, revealing fresh new insights into the realities facing them today.
The latest annual Sophos study of the real-world ransomware experiences of financial services organizations explores the full victim journey, from attack rate and root cause to operational impact and business outcomes.
This year’s report sheds light on new areas of study for the sector, including an exploration of ransom demands vs. ransom payments and how often financial services organizations receive support from law enforcement bodies to remediate the attack.
Download the report to get the full findings.
Attack rates have remained steady, but recovery is more expensive
65% of financial services organizations were hit by ransomware in 2024, in line with the 64% rate reported in 2023 but above the rate reported in the previous two years.
90% of financial services organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack. Of the attempts, just under half (48%) were successful – one of the lowest rates of backup compromises across sectors.
49% of ransomware attacks on financial services organizations resulted in data encryption, a substantial drop from the 81% encryption rate reported in 2023. The sector reported the lowest data encryption rate across all sectors and the highest success rate in stopping attacks before data can be encrypted.
The mean cost in financial services organizations to recover from a ransomware attack was $2.58M in 2024, an increase from the $2.23M reported in 2023.
Devices impacted in a ransomware attack
On average, 43% of computers in financial services organizations are impacted by a ransomware attack, a little below the cross-sector average of 49%. Having your full environment encrypted is extremely rare, with only 4% of organizations reporting that 91% or more of their devices were impacted.
The propensity to pay the ransom has increased in financial services
62% of financial services organizations restored encrypted data using backups, and 51% paid the ransom to get data back. In comparison, globally, 68% used backups and 56% paid the ransom.
The three-year view of financial services organizations reveals that the gap between the use of backups and ransom payment has narrowed over the last 12 months. In 2023, 69% of financial services organizations used backups, and 43% paid the ransom to restore encrypted data after the attack.
A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). In this year’s study, 37% of financial services organizations that had data encrypted reported using more than one method, more than double the rate reported in 2023 (16%).
Financial services victims rarely pay the initial ransom sum demanded
90 financial services respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment was $2M in 2024.
Only 18% paid the initial ransom demand. 67% paid less than the original demand, while 15% paid more. On average, across all financial services respondents, organizations paid 75% of the initial ransom demanded by adversaries.
Download the full report for more insights into ransom payments and many other areas.
Source: Sophos