Pub. 10 2021 Issue 6 15 Given the potential operational and reputational consequences of these types of cyberattacks, banks need to have a plan in advance for how they’ll respond. There are a number of factors to consider. First, while most companies choose to pay – cyber insurer Marsh McLennan reports that more than 60% of ransomware victims pay the requested ransom – it’s not always guaranteed that the encrypted data will be fully restored. In fact, one survey of more than 5,000 I.T. decision-makers worldwide found that about half of those who did pay a ransom only recovered 65% of their compromised data. Twenty-nine percent said they only recouped about 50%. And even if a company’s ransom hacker unlocks all the encrypted data after the ransom is paid, the company will still need to take steps to clean that data and ensure it can’t be easily re-encrypted. On the other hand, there are also several good reasons not to pay a ransom. There are the societal costs to consider – paying the ransom could perpetrate attacks on other institutions or entice the hacker to hit you again for more money. Paying a ransom could also erode trust from customers and business partners, as payment could signal a lack of continuity planning and preparation. Either way, the first time you think about ransomware attacks and how to handle them should not be after your bank has fallen victim to one. To that end, ABA in October released a new Ransomware Toolkit, which provides helpful guides for protecting your bank against ransomware attacks, responding in the event of an attack, and determining whether to pay a ransom. The toolkit can be downloaded at aba.com/ ransomware. Ransomware represents a serious threat to all businesses. But the good news is that the financial sector is ahead of the game when it comes to cybersecurity, given the rigorous regulatory framework to which banks adhere. After all, as we found in a recent ABA/Morning Consult poll, consumers overwhelmingly trust banks the most to keep their personal information safe and secure. By addressing the problem of ransomware head-on and taking prudent steps to prepare, we can help our industry maintain its reputation as the “gold standard” for data protection. Email Rob Nichols at nichols@aba.com. Ransomware represents a serious threat to al l businesses. But the good news is that the f inancial sector is ahead of the game when i t comes to cybersecuri t y, given the rigorous regulatory framework to which banks adhere.
RkJQdWJsaXNoZXIy ODQxMjUw