This was higher than the global average for the mid-sized financial services firms polled.

In a poll of 550 financial industry IT decision makers in 30 countries on the state of ransomware preparedness in financial services, it was found that mid-sized financial services organizations in the Asia Pacific and Japan region (APJ) spent more US$2.62 million on average recovering from a ransomware attack.  

This figure exceeds the global cross-sector average of around US$1.85m, amid data showing the financial sector was among the most resilient against ransomware attacks in 2020. The poll defined mid-sized firms as those with 100 to 1,000 employees.

Other findings of ransomware management trends—from polls of 129 IT decision makers in APAC, 197 in Europe, 146 in the Americas, and 78 in the Middle East, include:

  • 35% of the financial services organizations surveyed in APJ had been hit by ransomware in 2020.
  • 69% of the organizations impacted indicated that the attackers succeeded in encrypting the data.
  • Of the APJ financial services organizations that believed they will be hit by ransomware in the future, 54% indicated their belief that attacks are so sophisticated as to become harder to stop. Another 35% felt they could be targeted because other organizations have already been targeted.
  • Overall, 51% believed that since ransomware is so prevalent, it is inevitable they will get hit by the cybercrime.
  • 8% of financial services organizations in the poll globally experienced ‘extortion’ attacks, where they are threatened with the online publication of their data unless they pay the ransom.
  • 11% of the financial organizations surveyed globally believed they will not get hit because they were “not a target”.

According to John Shier, Senior Security Advisor, Sophos, the firm that commissioned the poll: “If you add up the price of regulatory fines, rebuilding IT systems and stabilizing brand reputation, especially if customer data is lost, you can see why the survey found that recovery costs for mid-sized financial services organizations in APJ hit by ransomware in 2020 were in excess of US$2.62m.”

While financial services firms continue to invest in backups and disaster recovery efforts, Shier said they should also look to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralize advanced human-led cyberattacks.