2024 witnessed an increase in cyber threats and attacks with firms in finance looking for ways to cope and boost security. What can be done?
Since 2023, the number of threat actors has doubled (up 96%) and the number of organisations posted on ransomware and data-theft leak sites grew by 13%. While this is down from the 70% growth in the prior year, it is still an increase.
Go deeper with GlobalData
This is according to S-RM, a global cybersecurity and intelligence firm, that also found exploited vulnerabilities in public-facing systems accounted for method of entry in 39% of extortion cases S-RM supported in 2024.
S-RM also observed a 53% increase the number of small businesses named on ransomware leak sites. Increased competition among ransomware groups has broadened the scope of organisations targeted by threat actors.
Jamie Smith, global managing director of cyber security at S-RM, said: “While the proportion of threat actors nearly doubled in 2024, we’ve seen that five groups make up 39% of all incidents reported – down from 53% the previous year. This fragmentation is being driven by the break up of big ransomware groups and the ever lower barriers to entry for new threat actors.
“The behaviour of these groups has been difficult to predict and their credibility even tougher to assess, but their motivations remain consistent; financial gain. However, action from groups like the NCA in the UK, and other law enforcement groups globally, has had a positive impact. In 2024, varied approaches helped take down major Ransomware as a Service (RaaS) actors, playing a crucial role in disrupting criminal syndicates by undermining their security and anonymity.”
How do we improve cyber security and defence in finance?
Are these rises a surprise for the industry?
Speaking to PBI, Stephen Ross, Head of Business Development, Americas, S-RM, says: “One of the most striking findings from the report is the increasing fragmentation of the threat actor landscape, coupled with the decreasing barriers to entry in this space. This shift has led to a surge in the number of distinct threat actors, rising from 27 to 53 year over year. This represents a significant increase, and ultimately, a larger number of threat actors means more organisations and institutions being targeted.”
Why has there been such a sharp increase and how can it be prevented?
He continues: “There are a couple of key drivers behind this trend. First, the barriers to entry for cyber criminals continue to decline, allowing individuals with lower technical skills but malicious intent to become operational more quickly. The rise of AI-powered toolkits and large language models (LLMs), such as FraudGPT, has accelerated this process by enabling threat actors to develop sophisticated capabilities with minimal expertise.
“Additionally, geopolitical events – particularly the Russia-Ukraine conflict – have played a role in reshaping the cyber threat landscape. Since 2022, we’ve seen existing cyber criminal groups fracture and reassemble, creating new entities with fresh tactics and objectives.
“As these groups emerge – whether due to lower entry barriers or shifting priorities – organisations with weaker security postures are increasingly being targeted. This has led to heightened competition among cyber criminals. One clear indicator of this is the 53% increase in small businesses being listed on ransomware leak sites, which suggests that threat actors are broadening their focus beyond traditionally high-value targets.”
Clients worry about cyber security and their finances on a daily basis. How can institutions console them?
Ross concludes: “‘Console’ is a good word choice here, but it’s not all doom and gloom. While cyber threats are increasing, there are encouraging signs that organisations and individuals are becoming more resilient. Notably, the growth rate of ransomware incidents has slowed, with the number of organisations posted on ransomware leak sites rising by only 13% in 2024, compared to a 70% increase in 2023. Furthermore, businesses are less likely to pay ransoms – since 2022, the proportion of incidents we’ve responded to that resulted in a ransom payment has dropped by nearly 50%.
“This underscores an important point: the situation is not hopeless. Financial institutions can reassure their clients by emphasising that proactive cyber security measures can significantly reduce the likelihood of an attack. Implementing robust controls – such as multifactor authentication, VPNs, immutable backups, and effective patch and vulnerability management – dramatically strengthens an organisation’s security posture. By taking these steps, businesses can minimise their exposure to cyber threats and enhance their overall resilience.”
