Almost six in ten (59pc) businesses in the financial services sector have admitted to being on the receiving end of a ransomware attack in the past 12 months, according to a survey by a cyber firm.
Bridewell surveyed 521 staff responsible for cyber security at UK CNI (critical national infrastructure) bodies – covering civil aviation, energy, transport, finance and central government. As the firm says, ransomware attacks have implications for financial services. Those that fail to deal effectively with these threats risk their reputation and falling foul of strict compliance rules. Towards half, 46pc of respondents cited losses from legal fines and reputational damage as the primary consequences of a breach.
In addition to ransomware, phishing attacks are also widespread, averaging 13 incidents per year, the survey suggests. The dual threat is putting immense pressure on the industry to enhance its cyber defences and response strategies. Given these consequences, the sector is struggling to react quickly to cyber incidents and mitigate the damage they cause, the firm suggests. While financial businesses take 6.62 hours on average to respond to ransomware attacks, phishing, nation-state backed attacks and malware require more than ten hours, while supply chain attacks and data theft misuse require more than 13 hours. The firm states that the nation-state threat continues to escalate as Russian, Chinese, Iranian and North Korean-affiliated threat actors escalate their efforts, particularly in the wake of the Russia-Ukraine and Israel-Palestine conflicts.
Despite these concerns, finance firms are enhancing their cyber measures. Almost all financial organisations (95pc) are using AI-driven tools, including chatbots, phishing detection and data loss prevention. Nearly half of respondents (49pc) expect to spend more on IT security than last year.
Anthony Young, Chief Executive Officer of Bridewell says: “The financial sector is subject to strict rules and regulations, with non-compliance detrimental financially and reputationally, making it a vulnerable industry. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused. With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits and training programmes to future-proof its operations. It’s promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security to do so.”
