Monday, November 17, 2025

The State of Ransomware in Financial Services 2024 – Sophos News


592 IT/cybersecurity leaders share their ransomware experiences from the last 12 months, revealing fresh new insights into the realities facing them today.

The latest annual Sophos study of the real-world ransomware experiences of financial services organizations explores the full victim journey, from attack rate and root cause to operational impact and business outcomes.

This year’s report sheds light on new areas of study for the sector, including an exploration of ransom demands vs. ransom payments and how often financial services organizations receive support from law enforcement bodies to remediate the attack.

Download the report to get the full findings.

Attack rates have remained steady, but recovery is more expensive

65% of financial services organizations were hit by ransomware in 2024, in line with the 64% rate reported in 2023 but above the rate reported in the previous two years.

90% of financial services organizations hit by ransomware in the past 12 months said that cybercriminals attempted to compromise their backups during the attack. Of the attempts, just under half (48%) were successful, one of the lowest rates of backup compromise across sectors.

49% of ransomware attacks on financial services organizations resulted in data encryption, a considerable drop from the 81% encryption rate reported in 2023. The sector reported the lowest data encryption rate across all sectors and the highest success rate in stopping attacks before data can be encrypted.

The mean cost in financial services organizations to recover from a ransomware attack was $2.58M in 2024, an increase from the $2.23M reported in 2023.

Devices impacted in a ransomware attack

On average, 43% of computers in financial services organizations are impacted by a ransomware attack, a little below the cross-sector average of 49%. Having your full environment encrypted is extremely rare, with only 4% of organizations reporting that 91% or more of their devices were impacted.

[Figure: devices impacted]

The propensity to pay the ransom has increased in financial services

62% of financial services organizations restored encrypted data using backups, and 51% paid the ransom to get data back. In comparison, globally, 68% used backups and 56% paid the ransom.

The three-year view of financial services organizations reveals that the gap between the use of backups and ransom payment has narrowed over the last 12 months. In 2023, 69% of financial services organizations used backups, and 43% paid the ransom to restore encrypted data after the attack.

[Figure: data recovery]

A notable change over the last 12 months is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). In this year’s study, 37% of financial services organizations that had data encrypted reported using more than one method, more than double the rate reported in 2023 (16%).

Financial services victims rarely pay the initial ransom sum demanded

90 financial services respondents whose organizations paid the ransom shared the exact sum paid, revealing that the average (median) payment has increased 18X over the last 12 months, from $109,000 to $2M.

Only 18% paid the initial ransom demand. 67% paid less than the original demand, while 15% paid more. On average, across all financial services respondents, organizations paid 75% of the initial ransom demanded by adversaries.

[Figure: ransom payment pie chart]

Download the full report for more insights into ransom payments and many other areas.

About the survey

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific, including 592 from the financial services sector. All respondents represent organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous 12 months.
