Ransomware Is Changing Financial Services—Are You Ready?
How complying with advancing regulations actually helps protect against ransomware
- Ransomware remains a major threat to FinServ, with evolving regulations continuously changing how the industry needs to respond.
- Mandates like NYDFS, GLBA and CSL define the baseline for data security and breach prevention.
- A foundation of robust data security measures is key to staying covered and adaptable, no matter how mandates change.
Whenever cybercriminals successfully target financial services (FinServ), we’re reminded all too well that money makes the world go round. A fruitful attack can lock customers out of their bank accounts, expose sensitive data and fuel theft, fraud and a worrying distrust in financial institutions.
The stakes are clearly high, and unfortunately attacks are still soaring. Between 2021 and 2024, the number of financial organizations worldwide reporting a ransomware attack doubled from 34% to 65%.
Don’t think cyber insurance providers haven’t noticed. Premiums skyrocketed by an average of 30% in 2023, and businesses in high-risk sectors like FinServ saw premiums 50% higher than the market average. Why? It’s likely because ransomware accounted for 41% of cyber insurance claims last year, making insurers wary of just how much risk they’re covering.
As the ransomware epidemic surges on, businesses must now navigate new, complex regulations to stay protected while scrambling to keep the lights on. In the United States, a recently introduced bill dubbed the Public and Private Sector Ransomware Response Coordination Act signals regulators may be ramping up efforts to curtail the damage, making compliance a difficult, moving target. Yet if FinServ wants to keep their customers' sensitive data safe from cyber ruffians and avoid costly ransoms, they’ll need to stay nimble. Here’s how.
Block ransomware with compliance-driven security
Even if some lawmakers pursue a more permissive regulatory environment, banks, brokers and insurers have little choice but to build a solid foundation in information security; the health of their businesses and brands relies on it—and so do their customers, shareholders and partners. No one wants to hear “rules are there for a reason,” but the fallout from malware attacks is sobering proof that protections aren’t just for show. In April 2024, Ally Bank suffered a major data breach that exposed sensitive customer data—names, addresses and Social Security numbers—of over 4.2 million customers. Without robust security measures in place, Ally Bank now faces two class-action lawsuits due to non-compliance and failure to disclose the breach. Yikes.
As ransomware tactics have evolved, so have compliance mandates. For instance, European FinServ businesses are currently facing a new wave of data sovereignty laws, including the Payment Services Directive 2 (PSD2), Basel III and the Digital Operational Resilience Act (DORA). While this may seem cumbersome to keep up with, emerging regulations are aimed at helping organizations focus on adopting industry-standard security measures to adapt protections to new threats.
As a result of these requirements, businesses are called to constantly monitor and enforce zero trust principles to protect sensitive data and maintain regular reporting. Here are some of the regulations currently working behind the scenes to keep FinServ locked down:
U.S. data protections and regulations
These U.S.-specific regulations are essential for any company in FinServ to maintain strong defenses against cyberattacks, especially ransomware:
- Gramm-Leach-Bliley Act (GLBA): GLBA requires banks and financial institutions to implement security protocols that protect non-public customer information from threats—helping them avoid potentially millions in losses and mitigation costs.
- New York Department of Financial Services (NYDFS): Keeping FinServ in check and ensuring companies are fully prepared, NYDFS requires data encryption, regular risk assessments and incident response plans.
- Federal Financial Institutions Examination Council (FFIEC) Guidelines: A blueprint for financial institutions operating in America, the FFIEC calls for key ransomware defense strategies like network segmentation, endpoint protection and ongoing employee training.
Global data protections and regulations
While regulations can vary across countries, these standards set the bar for how financial services operating internationally protect their operations:
- European Banking Authority (EBA) Guidelines: EBA’s focus on risk management, operational resilience and ransomware defense defines the cybersecurity baseline for all financial institutions across Europe.
- General Data Protection Regulation (GDPR): The gold standard for global data protection, GDPR requires financial institutions to notify authorities of a data breach within 72 hours to help minimize data exposure and long-term impact.
- Cybersecurity Law of the People’s Republic of China (CSL): China’s stringent approach to data security and ransomware defense mandates that companies with operations in China, or that use data related to China, maintain strong defenses for sensitive data and critical infrastructure with regular risk assessments and reporting.
Staying compliant can be hard, but here’s how to make it easier
In times of uncertainty–and there’s plenty of that these days–what businesses need is a robust security foundation, so that whether regulations scale up or even down, you’re still protected. Set your stack up for success today and into the future with these solutions that streamline compliance, safeguard your assets and slay your adversaries:
- Data encryption – Encrypt sensitive data throughout its lifecycle so it stays out of the hands of cybercriminals—minimizing breaches while anticipating stricter data protection laws.
- Endpoint security – From workstations to mobile devices, endpoint security solutions detect and block malware, including ransomware, without forgetting compliance.
- Endpoint management – When you leave vulnerabilities unpatched, they become a ransomware gold mine. Automated patch management helps you stay compliant now and in the future by closing gaps before attackers have a chance to exploit them.
- Access management – Limit access to critical systems with full control over privileged user actions. As regulatory frameworks shift, strong identity and access controls will remain a cornerstone of compliance.
- Email security – With phishing a top ransomware delivery method, you want a security solution that can flag suspicious messages, identify hidden threats and prevent data leaks—keeping you up to date (and beyond) with data protection laws.
But why stop there? Strong application control enforces zero trust and makes compliance reporting and investigations even easier, especially as regulations continue to progress. The truth is, the more layers in your defense system, the easier it will be to adapt to new requirements and meet upcoming updates to regulations. And, most importantly, the better you’ll be able to defend the very data and assets that all these regulations are intended to protect.
For industry-leading security, trust our threat hunters on the front lines
Before the next generation of cyberthreats hits, regulators are pushing organizations—especially in FinServ—to strengthen their defenses with the latest intelligence. That’s where the Symantec Threat Hunters come in.
Our elite, multi-disciplinary team of investigators, malware analysts and data scientists works in the trenches to track ransomware activity across 500,000 endpoints in real time and translate threat intelligence into actionable protections. Their insights enhance our detection capabilities and offer a clearer picture of attacker behaviors on the horizon.
Get your copy of Ransomware 2025: A Resilient and Persistent Threat for the latest on RaaS operations, evasion techniques and expert insights, straight from the team trusted to protect the world’s most targeted industries.