Ransomware attacks cost global financial sector $32.3bn in downtime since 2018

More than 14 million records have been affected this year so far, and the attacks have led to over $4bn in downtime costs.

Ransomware attacks cost the global financial industry over $32.3bn in downtime losses alone between 2018 and June 2023, according to a new report by Comparitech. Since 2018, 225 financial organizations were confirmed to have been hit by a ransomware attack. Insurance companies suffered the greatest number of attacks, with 65 confirmed in the period.

Most attacks occurred in 2021, when 86 confirmed incidents were noted, with the 56 hits in 2020 making that the second most serious year. This year, up to June, there have been 24 confirmed ransomware attacks – which is higher than the same period last year. And Comparitech expects the number to rise. “Many attacks aren’t confirmed until a month or so post-incident, so we expect to see these figures rise even further,” said the report.

“What’s clear is that ransom demands remain extortionately high for the finance sector. But with downtime and sensitive data at stake, it isn’t too much of a surprise that hackers are trying to cash in on the urgency of getting systems up and running and/or safeguarding data.”

Financial services and insurance

A new report from Forrester also shows the big losses for financial services. Breach costs were highest in the financial services and insurance industry, and these sectors struggled more to remove and recover from breaches than others.

Forrester’s findings also showed that attackers remain longest in the networks of financial services and insurance providers. 

Last year, over 3.5 million records were impacted by attacks. As of June this year, over 14 million records have been compromised, and at least 32.3 million individual records are believed to have been breached since 2018.

Australian customer records

One of the biggest breaches this year was at the Australian consumer lender Latitude Financial, where about 14 million customer records were compromised. Hackers got hold of Australian and New Zealand driver’s licenses, passports and financial statements, and the breach is one of the biggest in Australia’s history.

The hacked records contained personal data, including names, addresses, telephone numbers, and dates of birth.

Many hackers are going after “big ticket” companies that hold a lot of data. “By stealing large amounts of data as well as encrypting systems, hackers are increasing their chances of receiving a ransom payment. Equally, even if an organization fails to pay, personal financial data will fetch a premium on the dark web,” said Comparitech.

The ransom demands have varied from $180,000 to $40m, with an average demand of $6.9m.

2021 had the highest ransom demand with $20.5m, yet the final outcome for 2023 is still to come. On average, ransom demands were:

  • 2023 (to June) – $9.3m;
  • 2022 – $892,335;
  • 2021 – $20.5m;
  • 2020 – $4.1m; and
  • 2019 – $1.7m.

Graphic: Martina Lindberg

Since 2018, Comparitech’s research found a total of 4,556 confirmed attacks across all sectors, with businesses hit hardest, having both the highest average ransom and the most affected records.

The average ransom was $4,474,397, but $7,951,583 for all types of business. A total of 252,367,776 records have been affected by the breaches.

Total confirmed ransomware attacks 2022

Business – 423 attacks

  • An average ransom demand of $7.8m
  • 103,740,344 records affected
  • An average of 864,503 records affected per attack

Education – 104 attacks

  • An average ransom demand of $3.7m
  • 830,578 records affected
  • An average of 46,143 records affected per attack

Government – 151 attacks

  • An average ransom demand of $9.8m
  • 869,690 records affected
  • An average of 62,121 records affected per attack

Healthcare – 117 attacks

  • An average ransom demand of $3.6m
  • 10,416,274 records affected
  • An average of 189,387 records affected per attack