Aon | Financial Institutions Practice
Ransomware: digitalization and the escalating risks for financial institutions’

Release Date: October 2021

Ransomware: digitalization and the escalating risks for financial institutions’

The issue of ransomware is growing exponentially for financial institutions. Insurers are experiencing mounting losses, largely driven by the proliferation of ransomware attacks, which have increased 486% from Q1 2018 to Q4 2020¹ and with the global cost of cyber crime estimated to reach USD 6 trillion in 2021², managing cyber and ransomware risks is critical for financial institutions.

What is driving an industry-wide focus on ransomware risk?

After ransom-seeking cybercriminals triggered commercial and economic disruption across a number of cyber events in the United States, government action to establish parameters around ‘critical infrastructure’ indicates that ransomware is an area of focus for the Biden administration. Meanwhile, regulatory bodies are becoming increasingly punitive and focusing on the resilience of firms’ digital infrastructure.

The COVID-19 pandemic has accelerated technological evolution across the financial sector, where rapid and widespread digitalisation continues to gather momentum. Operational automation, artificial intelligence (AI), digital payments, retirement plans and technology supply chains – among other trends – are all testing financial institutions’ operational resilience and exposure to ransomware attacks.

Are financial institutions prepared for escalating ransomware risk?

Data gathered by Aon’s online cyber risk self-assessment platform Cyber Quotient Evaluation (CyQu) demonstrates that financial institutions consider themselves to be among the industries best prepared for emerging cyber risks across four key themes: digital evolution; third-party risk; ransomware; and regulation.

Self-assessment: how do financial institutions feel about their cyber risk strategy?

The majority (62%) of financial institutions feel that the firm has mature network environments and strong hygiene around network security, with 60% conducting regular network penetration tests³.

Almost half of organizations (45%) scan their attack surface for vulnerabilities, while almost a third (27%) have not implemented two-factor authentication across all remote login³.

Although large banks are typically able to leverage healthy budgets to invest in ransomware risk management, middle-market and smaller banks are working deploy capital more strategically. Balancing risk and opportunity is driving firms to consider how to make the best decisions for cyber security budgets to support changing business models – while protecting their people, client, partners, and balance sheet.

Industry-focused solutions

As financial institutions navigate the rapidly changing risks of an increasingly digitalized operating model, access to industry-focused ransomware solutions is critical. As discussed in a recent webinar, managing both risk and cost demands a comprehensive approach which streamlines the process of proactively identifying ransomware vulnerabilities to better negotiate insurance placements.

By leveraging two tailored ransomware offerings, financial institutions can access:

An assessment platform to level-set the firm’s cyber maturity
An analysis and improvement plan for the nine key control areas that most concern insurers
Measures to incorporate 10 critical steps to prevent and detect ransomware threats
Combined defense, preparedness and remediation strategies to prevent, prepare for, and mitigate the financial impact of a ransomware attack

More information about ransomware offerings and bundles is available here.

Contact

To discuss any of the topics raised in this article, please contact Joel Sulkes or or Nancy Eaves.

Joel Sulkes
Global Financial Institutions Practice Leader
New York

Nancy Eaves
Senior Vice President, Product Management
New York

¹ Source: Risk Based Security, analysis by Aon. Data as of 1/5/2021; Ransomware payment per Coveware Ransomware Report as of 11/4/2020
² https://cybersecurityventures.com/annual-cybercrime-report-2020/
³ Aon 2021 Cyber Risk Report: Financial Institutions Insights

Forecast Stormy: Climate Change and Local Law ’97 Webinar

Podcast: Is Bitcoin Really Anonymous? The Recovery of a Ransomware Payment

1 2 3 4 5 6 7 8

Explore Our Solutions & Services

Business Sectors

Explore our capabilities across insurance, risk, and human capital solutions for banks, digital asset and blockchain, and fintech firms.

Risk & Insurance Solutions

Explore our capabilities for technology and cyber risks, property and casualty, credit, intellectual property, climate, directors and officers, and employment practices risks.

Additional Services

Financial institutions are navigating increasingly complex global risks, which require support across areas such as transactional services, risk consulting, claims, captives and mortgage hazard & impairment.

Risk Consulting
In today’s increasingly globalized world, business risks are no longer isolated by industry or geography.
Captive
Captive usage is evolving. Market conditions are prompting more discussions around alternative risk financing options as many financial institutions see their risk transfer costs surge.
Mortgage Hazard & Impairment
The mortgage market depends on an insurance framework that mixes physical and credit protections, but as the global and US economies begin to move forward amid the ongoing global economic impacts of COVID-19, vigilance and advanced planning will be critical to manage compounding perils.

Human Capital Solutions

Despite the evolution of technology, financial institutions’ power to grow, ability to navigate risk and capacity for digital transformation continues to depend on people. Addressing health and benefits, talent and performance, and retirement and investment challenges with sustainable and tailored solutions enables firms to make confident business decisions and withstand market volatility.