Almost six in ten (59%) businesses within the financial services sector have acknowledged experiencing a ransomware attack in the past year, according to Bridewell’s recent research.
The research surveyed 521 individuals responsible for cyber security at UK Critical National Infrastructure (CNI) organisations, including those in civil aviation, energy, transport, finance, and central government.
Ransomware attacks pose significant challenges for the financial services industry. Organisations that do not manage these threats effectively risk their reputations and face stringent compliance penalties. Of those surveyed, 46% highlighted losses from legal fines and reputational damage as the primary repercussions of a breach.
In addition to the escalating ransomware threat, phishing attacks are prevalent, averaging 13 incidents annually. This dual threat is compelling the industry to bolster its cyber defences and response strategies.
Given these serious consequences, the sector is struggling to respond to cyber incidents quickly and to limit their impact. On average, financial businesses take 6.62 hours to respond to ransomware attacks.
In comparison, phishing, nation-state-backed attacks, and malware require over 10 hours, while supply chain attacks and data theft misuse take more than 13 hours. The threat from nation-state actors, particularly those affiliated with Russia, China, Iran, and North Korea, continues to rise, especially in light of the Russia-Ukraine and Israel-Palestine conflicts.
Despite these challenges, financial organisations are proactively enhancing their cyber security measures. Nearly all financial organisations (95%) are utilising AI-driven tools, such as chatbots, phishing detection, and data loss prevention. Furthermore, almost half (49%) of respondents anticipate increasing their IT security expenditure compared to last year.
“The financial sector is subject to strict rules and regulations, with non-compliance detrimental financially and reputationally, making it a vulnerable industry. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused,” said Anthony Young, Chief Executive Officer of Bridewell. “With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits and training programmes to futureproof its operations. It’s promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security in order to do so.”