New research suggests that 59% of financial services firms have been hit by a ransomware or cyber attack in the past 12 months.

Research by cyber security firm Bridewell found a growing threat from ransomware attacks which often involve hackers ‘locking’ a companies’ servers until a ransom is paid.

Other cyber attacks, such as phishing attacks, are also growing in number, said Bridewell, which surveyed 521 staff responsible for cyber security in a range of sectors including finance, civil aviation, energy, transport and central government. 

Bridewell warned that the financial services sector was a "vulnerable industry."

Bridewell says that ransomware attacks have “significant implications” for the financial services sector by risking their reputations and harming adherence to strict compliance rules.

Some 46% of respondents surveyed cited losses from fines and reputational damage as the primary consequences of a breach.  

Phishing attacks are becoming widespread, averaging 13 incidents per year.

A major issue for firms is the challenge of responding quickly to attacks to mitigate the damage they cause.

Financial businesses take 6.62 hours on average to respond to ransomware attacks. Phishing, nation-state backed attacks and malware require more than 10 hours to deal with, while supply chain attacks and data theft misuse attacks require more than 13 hours to deal with.

Bridewell warned that the 'nation-state' threat continues to escalate as Russian, Chinese, Iranian and North Korean-affiliated threat actors escalate their efforts. 

On the positive side, the firm also found that finance organisations were “actively enhancing” their cyber security measures. Almost all financial organisations (95%) are using AI-driven tools, including chatbots, phishing detection and data loss prevention. Nearly half of respondents (49%) expect to spend more on IT security than last year. 

Anthony Young, chief executive of Bridewell, said: “The financial sector is subject to strict rules and regulations, with non-compliance detrimental financially and reputationally, making it a vulnerable industry. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused.

“With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits and training programmes to futureproof its operations. It’s promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security in order to do so."