Mortgage firms “need to understand” key risk

“The higher the encryption rate; the larger the key space; the harder it’s going to be (for hackers to get through),” he said.

He admitted that while firms “would never be able to prevent something entirely”, they could mitigate the worst impacts of a cyberattack by implementing what he called a recovery plan.

“If your countermeasures are circumvented, then the next level is (to ask) what can you do to recover? Are you capable of recovering? And the only way to know that is to have a recovery plan documented, updated and tested,” he stressed.

According to a recent global survey of more than 1,200 tech and cybersecurity firms, 61% of respondents said they had been affected by ransomware attacks in 2020, representing a 21% increase over the previous year.

The attacks caused an average loss of six working days to system downtime. More worryingly, 52% of the victims admitted they had paid their attackers’ ransom demands, but 34% of them never recovered their data.