Ransomware attacks are a fast-growing global security threat, according to a new report from Fitch Ratings.

The rating agency reported that ransomware attacks jumped by 485% in 2020, accounting for nearly one-quarter of all cyberattacks during the year, citing data from Romanian cybersecurity firm Bitdefender.

“The volume, size and sophistication of ransomware attacks are expected to increase, as the risk of criminal prosecution remains low and profit incentives remain high,” the report said, noting that ransomware accounted for over three-quarters (77%) of all attacks in the first quarter of 2021.

In 2020, the estimated global cost of these kinds of attacks totalled US$20 billion, it said, citing U.S.-based cybersecurity company, PurpleSec.

Financial services firms and smaller law firms are favourite targets for these kinds of attacks, Fitch noted, “as they typically possess valuable personal identifiable information, payment data, or intellectual property.”

The report said that paying ransoms “can expose financial firms to increased financial and compliance risk,” including the risk of violating KYC and anti-money laundering laws.

The availability of insurance coverage for ransomware attacks is also continuing to evolve, the report noted, with a leading insurer in France recently declaring that it will no longer cover ransom payments under its cyber-insurance policies.

“This may lead other market participants and jurisdictions to follow suit,” Fitch said.

“Without the ability to transfer the risk, affected companies would face increased financial risk from a ransomware attack,” it said, adding that this could also impact firms’ reputational, operational and regulatory risks.

The recent surge in ransomware attacks may lead to more internationally co-ordinated efforts to combat the phenomenon, Fitch said, noting that the U.S. Department of Justice (DoJ) has established a ransomware task force with the FBI and federal prosecutors.