Aon  |  Financial Institutions Practice
Ransomware: digitalization and the escalating risks for financial institutions

Release Date: October 2021

The issue of ransomware is growing exponentially for financial institutions. Insurers are experiencing mounting losses, largely driven by the proliferation of ransomware attacks, which increased 486% from Q1 2018 to Q4 2020¹. With the global cost of cyber crime estimated to reach USD 6 trillion in 2021², managing cyber and ransomware risks is critical for financial institutions.

What is driving an industry-wide focus on ransomware risk?

After ransom-seeking cybercriminals triggered commercial and economic disruption across a number of cyber events in the United States, government action to establish parameters around ‘critical infrastructure’ indicates that ransomware is an area of focus for the Biden administration. Meanwhile, regulatory bodies are becoming increasingly punitive and focusing on the resilience of firms’ digital infrastructure.

The COVID-19 pandemic has accelerated technological evolution across the financial sector, where rapid and widespread digitalisation continues to gather momentum. Operational automation, artificial intelligence (AI), digital payments, retirement plans and technology supply chains – among other trends – are all testing financial institutions’ operational resilience and exposure to ransomware attacks.

Are financial institutions prepared for escalating ransomware risk?

Data gathered by Aon’s online cyber risk self-assessment platform Cyber Quotient Evaluation (CyQu) demonstrates that financial institutions consider themselves to be among the industries best prepared for emerging cyber risks across four key themes: digital evolution; third-party risk; ransomware; and regulation.

Self-assessment: how do financial institutions feel about their cyber risk strategy?

The majority (62%) of financial institutions feel that their firm has mature network environments and strong hygiene around network security, with 60% conducting regular network penetration tests³.

Almost half of organizations (45%) scan their attack surface for vulnerabilities, while almost a third (27%) have not implemented two-factor authentication across all remote logins³.

Although large banks are typically able to leverage healthy budgets to invest in ransomware risk management, middle-market and smaller banks are working to deploy capital more strategically. Balancing risk and opportunity is driving firms to consider how to make the best decisions for cyber security budgets to support changing business models, while protecting their people, clients, partners, and balance sheet.

Industry-focused solutions

As financial institutions navigate the rapidly changing risks of an increasingly digitalized operating model, access to industry-focused ransomware solutions is critical. As discussed in a recent webinar, managing both risk and cost demands a comprehensive approach which streamlines the process of proactively identifying ransomware vulnerabilities to better negotiate insurance placements.

By leveraging two tailored ransomware offerings, financial institutions can access:

More information about ransomware offerings and bundles is available here.


To discuss any of the topics raised in this article, please contact Joel Sulkes or Nancy Eaves.

Joel Sulkes
Global Financial Institutions Practice Leader
New York

Nancy Eaves
Senior Vice President, Product Management
New York

1 Source: Risk Based Security, analysis by Aon. Data as of 1/5/2021; Ransomware payment per Coveware Ransomware Report as of 11/4/2020
3 Aon 2021 Cyber Risk Report: Financial Institutions Insights