Ransomware hits 59% of UK financial firms in past 12 months
Almost six in ten businesses within the financial services sector have experienced a ransomware attack in the past 12 months, according to new research by Bridewell, a cyber security company.
Bridewell's survey targeted 521 cyber security personnel across the United Kingdom's critical national infrastructure, which includes sectors such as finance, civil aviation, energy, transport, and central government.
The findings indicate that 59% of the surveyed organisations in the financial services sector fell victim to ransomware attacks within the last year. Additionally, nearly half of the respondents (46%) cited legal fines and reputational damage as the main repercussions of such cyber breaches.
Phishing attacks remain another prevalent threat, averaging 13 incidents annually within the financial services sector. Both ransomware and phishing attacks are contributing to mounting pressure on the industry to bolster its cyber defences and improve response strategies.
Response times to these cyber incidents also present a challenge. Financial businesses reportedly take an average of 6.62 hours to respond to ransomware attacks. However, other types of threats, including phishing, nation-state-backed attacks, and malware, necessitate more than 10 hours to address. Threats like supply chain attacks and data theft misuse can require over 13 hours to manage. The increasing involvement of nation-state actors, particularly those affiliated with Russia, China, Iran, and North Korea, is further complicating the cyber security landscape for these organisations.
Despite the challenging environment, financial institutions are taking steps to enhance their cyber security measures. A substantial 95% of these organisations are now employing AI-driven tools, such as chatbots, phishing detection systems, and data loss prevention technologies. Additionally, almost half of the respondents (49%) anticipate an increase in their IT security expenditure compared to the previous year.
Anthony Young, Chief Executive Officer of Bridewell, commented on the findings: "The financial sector is subject to strict rules and regulations, with non-compliance detrimental financially and reputationally, making it a vulnerable industry. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused. With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits, and training programmes to futureproof its operations. It's promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security in order to do so."
As the financial sector faces an increasingly complex cyber threat landscape, the necessity for robust security measures and rapid response strategies becomes even more crucial, the researchers state. Future investments and adoption of cutting-edge technologies appear to be essential steps toward securing the industry against persistent and evolving cyber threats.