Print this article

Global Ransomware Attacks Surge, Threatening Financial Sector - Fitch

Tom Burroughes

24 May 2021

(An earlier version of this article was run last Friday on Family Wealth Report, sister news service to this one.)

An almost fivefold surge in ransomware attacks during 2020, accounting for a quarter of all cyber-security cases, shows how this has become an increasing menace to the banking and wider global financial system, according to . 

US direct written premiums to insurers against cyber risks rose by about 22 per cent in 2020 to almost $3 billion, and the direct loss ratio for standalone cyber risks rose to 73 per cent in 2020, the highest level recorded in the six years since data have been available, it said. 

The report came out as policymakers and energy executives were wrestling with a ransomware attack that took down the largest petroleum pipeline in the US – the Colonial Pipeline carrying 2.5 million barrels per day of petroleum and other refined fuels. Colonial reportedly paid a $5 million ransom to the group (source: CNBC, 18 May, others).

“The volume, size and sophistication of ransomware attacks are expected to increase, as the risk of criminal prosecution remains low and profit incentives remain high. Fitch views the increase in attacks and severity as a credit negative; however, every incident will be evaluated within the context of each issuer’s credit profile,” the ratings agency said in a report.

Cybersecurity threats targeting banks and wealthy individuals – such as those using family offices – have been an industry concern for years. A worry has been that advisors to HNW individuals and family offices haven’t traditionally been on the leading edge of IT security, and are therefore vulnerable. 

Ransomware attacks skyrocketed by 485 per cent in 2020 globally, according to Bitfdefender, accounting for nearly one-quarter of all cyber incidents, with total global costs estimated at $20 billion, per Purple Sec, Fitch said in its report. Ransomware attacks which threaten to release stolen data are rising and constituted 77 per cent of total attacks in the first quarter of 2021.This has helped drive up the cost of ransomware attacks, with the average ransom payment in Q1 of $220,298, surging by 43 per cent from the final three months of last year, Fitch said. (It cited data from to Coveware.)

“Recent incidents may spur internationally coordinated public and private efforts to help prepare for and mitigate against ransomware attacks,” Fitch continued.

It noted that the Institute for Security and Technology recently issued a Ransomware Taskforce report indicating that combatting ransomware should be a global priority. The US Justice Department has established a ransomware taskforce with the FBI and federal prosecutors to increase coordination with the private sector and other agencies.

“Issuers with less sophisticated networks, security systems and IT departments may be most vulnerable to attack, but downside risk potential is higher at larger and more strategically important entities.

Ransomware target every sector and geography, but certain sectors have proved more attractive targets than others,” Fitch said.

“Professional services firms, such as small law and financial services firms, are popular targets of ransomware attacks as they typically possess valuable personal identifiable information, payment data, or intellectual property."

Elsewhere, Fitch noted that cyber attacks against schools, local government, and healthcare providers more than doubled to 2,354 in 2020 from 966 in 2019 (citing figures from Emsisoft).

“Payment of the ransomware does not guarantee that stolen files will be returned or undistributed or that a decryption device will be provided. Payment of ransomware can expose financial firms to increased financial and compliance risk, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws,” it said.

“Without the ability to transfer the risk, affected companies would face increased financial risk from a ransomware attack, which is a credit negative,” it added.

Colonial Pipeline was hit in May, forcing it to shut approximately 5,500 miles of pipeline, and disrupting delivery systems in Southeastern states. The FBI blamed the attack on DarkSide, a cybercriminal gang believed to be based in Eastern Europe.