Global financial services organizations have lost over $32bn in downtime since 2018 due to ransomware breaches, a new report has claimed.
Comparitech analyzed 225 confirmed attacks on the sector over the past five years and found that the average organization loses two weeks in downtime due to an incident.
“If no specific figures were given for downtime, i.e. ‘several days,’ ‘one month’ or ‘back to 80% after 6 weeks’ were quoted, we created estimates from these figures based on the lowest figure they could be,” explained Comparitech head of data research, Rebecca Moody.
“For example, ‘several days’ were calculated as three, ‘one month’ was calculated as the number of days in the month the attack happened, and the number of weeks quoted in % recovery statements was used (e.g. six weeks per the previous example).”
The firm then worked out costs using a 2017 report which calculated the cost of downtime across 20 sectors at $8662 per minute. Moody noted that some studies have put the figure much higher, at $9.3m per hour for the banking sector. That would put total ransomware downtime losses for the vertical at a staggering $581bn over the five-year period.
Among the sub-sectors analyzed in the financial sector were credit unions, accounting companies, public and retail banks and insurers.
Of these, insurance companies recorded the highest number of attacks over the period (65).
On top of downtime-related losses, Comparitech attempted to quantify how much was paid out to online extortionists since 2018. Demands varied from $180,000 to $40m, with the average demand peaking in 2021 at $61.6m, although the demand figure was made public in only a few cases.
In fact, 2021 was the biggest year for ransomware attacks on finance companies, with 86 recorded in total, followed by 2020 (56).