There’s no hiding from it; ransomware is once again on the rise and today’s attackers do not discriminate. Regardless of size and sector, no organisation is immune and as the list of recognisable victims grows longer, it’s not a case of ‘if’ a business will get hit but ‘when’.

For financial services organisations, in particular - due to the very nature of the data that they hold – the impact of such an attack will be devastating. Once files are encrypted by ransomware, victims are left with few choices. Even if they choose to pay the ransom to the criminals behind the attack, there is no guarantee that their data will be returned. To make matters worse, the financial cost is often matched by the potential reputational damage, which some may never bounce back from.

This is why it’s more important than ever to prepare for the inevitable. When ransomware hits, time is of the essence. Financial services firms need to be able to react both quickly and effectively. It is only then that they stand a chance of protecting their most valuable asset – data – from malicious actors.

A growing concern

The ransomware threat is not a new phenomenon. However, with increasing amounts of data, shifts in working habits, and the advancement of modern technologies – such as artificial intelligence - it is certainly gaining momentum. In fact, recent research from Veritas discovered that ransomware is a very real concern for financial services organisations especially.

This research analysed the last three years of annual reports for the UK’s FTSE 100 companies, in order identify the main priority areas of the biggest enterprises. Of the industries reported on, cyber threats seem to be particularly weighing on the minds of those operating in the financial services sector. In fact, mentions of ‘cyber-attack’ in financial sector firms’ annual reports have increased by 55% in the last three years. Meanwhile, ransomware mentions were up by 88% from 2020 to 2022.

As a highly regulated industry, responsible for holding vast amounts of personal information on individuals and businesses, financial services organisations have historically been a key target for cybercriminals, and it would appear that the threat is only increasing.

Protect against the inevitable

In today’s world, insuring your digital infrastructure is just as important as insuring your physical one. When it comes to ransomware, failure to prepare really is preparing to fail. Financial services organisations need a comprehensive response plan that is regularly tested, rehearsed, and continually communicated with all key stakeholders. It is only then that they can be on the front foot and act quickly to ensure business resiliency when attackers strike.

A key part of any response plan should be investment in resilient IT systems and robust risk-management processes. As well as reducing the likelihood of any disruption following an attack and improving the business’s overall ability to recover, these two elements will enable financial services organisations to develop strategies to help mitigate the impact of ransomware in the future.

However, it’s not just about investing in modern technologies. Another important part of the puzzle is to invest in the people who use them day-in and day-out. Organisations should regularly provide training to employees and all service-providing third parties on what to do and how to respond in the face of an attack.  Too often, this step gets missed and key business partners do not receive updates in critical communication procedures, meaning a disjointed approach on the road to recovery.

Once financial sector firms have a response plan in place, it’s critical that they practice how it will be implemented. Stress testing on a regular basis is important to ensure that everything is working as it should be, before it needs to. Organisations should test their digital solutions and also rehearse the plan with drills and exercises for their employees and service providers. This will help to ensure that everyone knows the plan and their roles and responsibilities during an attack. 

The time to act is now

With the ransomware threat showing no signs of slowing down, financial services organisations must act now to get ahead of the attackers. A response plan – which incorporates both modern technologies and essential employee training – is no longer optional. In the face of attack, everyone must be clear on what they need to do and which procedures they need to follow. It’s only by coming together and implementing a well-rehearsed recovery plan that operational resiliency can be maintained, and precious data can be protected.