Every business sector is vulnerable to cybercrime and financial services are no exception. Some of the top cyber threats to this industry include phishing, DDoS attacks, supply chain attacks and bank drops. But by far the worst culprit is ransomware, one of the most elusive, complex and growing crimes out there. In many instances, novice bad actors operate from safe havens using Ransomware-as-a-Service, a business model in which malware developers lease out ransomware to other cybercrooks. In terms of resilience, how does the financial sector compare with the likes of manufacturing, energy, agriculture or education? According to Information Technology expert, Suleyman Ozarslan:

“Financial services firms are amongst the best prepared and most highly capable organisations at detecting and responding to cyber incidents. Yet, despite investing heavily in security and data protection, it’s clear that many continue to experience challenges in these areas.”

Let’s take a look at what some of these ransomware challenges are, both internationally and on home soil.


Sophos recently published its State of Ransomware in Financial Services 2022 report. Perhaps the most alarming revelation contained in the publication is that ransomware attacks on financial services have increased exponentially. In 2021, 55% of the 5,600 respondents were victims of an attack, up from 34% in 2020. These respondents were all mid-sized organisations with 100 to 5,000 employees and from 31 countries. This proliferation of ransomware demonstrates that adversaries have become much more apt at executing attacks at scale. For all intents and purposes, the report defines ransomware as one or more devices being impacted but not necessarily encrypted by the malware. In terms of data encryption, financial services reported the second-lowest rate at 54%. How many paid the ransom to retrieve their data? A sizeable 52%, more than double that of the 25% in 2020.


Again exacting data from the Sophos report, how do ransomware attacks on financial services compare with other industries? This table makes a fair comparison:

Hit by ransomware55%66%
Data encrypted54%65%
Paid the ransom52%46%
Used backups66%73%
Restored some data99%99%
Percentage of data restored after paying63%61%
Got ALL data back after paying10%4%

Perhaps the most worrying of these statics is the fact that of the 55% of financial services companies hit by ransomware, only 10% were able to restore all of their data.


According to the Financial Conduct Authority (FCA), cybersecurity incidents targeting UK financial service entities increased by 52% in 2021.  Of these, 1 in 5 was a ransomware attack. While most industries in the UK saw an overall decrease in the number of ransomware attacks in 2021, for those in finance they rose by 35%. Elena Koldobsky, a Threat Intelligence Analyst, commented on the state of ransomware in the UK and said:

“Through 2021, both financial and other UK companies have been subject to multiple ransomware attacks, and credentials and compromised accounts belonging to British entities were often offered for sale on cybercrime forums.”

The average cost of ransomware attacks on UK finance firms in 2021 was £1.4 million.


Suleyman Ozarslan reflected on the increase in ransomware attacks on UK financial companies and said:

“The large rise in cyber incidents reported to the FCA in 2021 is a concerning trend

and should serve as an important reminder to all firms about the need to make

ongoing improvements in all areas of security. This is necessary to not only mitigate

the risks posed by external threats but also those that arise due to IT failures and

human error.”

Financial firms, just like those in any other industry sector, should have in place a definitive cybersecurity strategy and practice good cyber hygiene. However, there are also four security controls that in particular pertain to data protection in financial services:

  • Multi-Factor Authentication – when you apply an MFA strategy to your credentials they are very difficult for bad actors to compromise
  • Third-Party Risk Management – a TPRM programme will help you to identify security vulnerabilities for all third-party cloud services to prevent supply chain attacks
  • Attack Surface Management – developing an ASM solution will help you to detect data leaks and significantly reduce the chance of a breach
  • Tactics, Techniques and Procedures – learning TTP will help you to identify attack strategies that are used in all industries


Truth be told, ransomware remains a plague for UK financial services companies. And if you are a financial services company, you’ll want to keep your money and that of your clients in safe hands. With over 20 years of experience in professional business IT support, I have good cyber hygiene flowing through my veins. As a cybersecurity and risk mitigation specialist, I can help guide your business in the right direction by applying MFA, TPRM and ASM solutions. Let’s get together for a chat and put ransomware in the place it belongs – right out of the window. For good.

Leave a comment