One-third of Irish firms have paid a ransom to cybercriminals

Almost a third of medium-to-large-sized businesses in Ireland reserve budget for paying ransoms, new research reveals.

One-third (33%) of Irish medium-to-large-sized businesses have paid a ransom to cybercriminals in the last 12 months, according to new research from Expleo.

The research findings also show that 31% of businesses in Ireland reserve budget to pay ransoms in the event of cyberattacks.

“Organisations must adopt zero-trust frameworks which mean even the CEO is not trusted by the network”

Expleo’s survey also found that despite most organisations tackling multiple cyber-threats on an ongoing basis, only a small proportion expect to fall victim to a cyber-attack in the next 12 months.

In anticipation of the launch of its Business Transformation Index 2024, Expleo’s analysis surveyed medium- to large-sized businesses across the island of Ireland, uncovering the impact and prevalence of cybersecurity threats.

The research was conducted by Censuswide, among a sample of 202 business leaders and IT leaders in companies with at least 50 employees, aged 18+, in the Republic of Ireland and Northern Ireland. The data was collected between 12 July and 18 July 2024.

It found that the payment of ransoms, and the expectation of paying them, is embedded in many organisations’ cybersecurity strategies. In the last 12 months alone, 33% of businesses have paid a ransom to cyber-criminals.

Impact of cyberattacks on Irish businesses

The research found that one-third of enterprises have been severely impacted by an incident within their organisation in the last 12 months, while 31% have been severely impacted by a cybersecurity incident in their supply chain.

Given the devastating impact that cyberattacks have on business operations and customer trust, the research found that businesses are preparing for significant investments in cybersecurity in the next 12 months.

Expleo’s research found that the average enterprise in Ireland will spend €1.18m on cybersecurity in the next 12 months with one in seven spending more than this.

Signalling what this could be spent on for some, a sizeable proportion (27%) of organisations reported that their security technologies and processes are outdated. Meanwhile, a quarter of businesses admitted that they do not invest enough in cybersecurity.

Overall, the survey pointed to an acceptance among businesses in Ireland that they will fall victim to cyberattacks, with 29% saying they anticipate this in the next 12 months.

However, this is far lower than the proportion of businesses who fell victim to cyberattacks in the last 12 months.

Half of all businesses admitted that their defences were breached by a ransomware attack in the last 12 months, rising to 53% of businesses who fell victim to social engineering attacks. In fact, of the 89% of businesses who said they were targeted with social engineering attacks in the last 12 months, 60% reported that the attacks resulted in a security breach.

The majority of businesses have also been targets of voice-cloning, phishing, whaling (phishing attacks on senior figures in the organisation), malware and AI-powered attacks in the past year, with success rates of between 40% and 50% across all cyberattacks.

“Given the high success rates of known cyber-attack attempts, our research shows that if businesses have avoided falling victim to one type of attack, they have probably not been so fortunate with another,” Rob McConnell, Global Solutions director, Expleo Group.

“We have reached the point where it is not if you will be targeted, but when and how often. Every single business should expect to be targeted by sophisticated attacks on an ongoing basis. It is only with this level of pragmatism that they will be able to deploy the defences needed to combat or detect these advances.

“At the most basic level, enterprises must be confident that they are investing enough in cybersecurity and that their systems and processes are constantly being updated and reinforced. But that will only go so far in protecting them. Organisations must adopt zero-trust frameworks which mean even the CEO is not trusted by the network.

“This is the reality of doing business anywhere in the world today. Businesses that accept this can adopt a culture of openness that will remove some of the blame game associated with cybersecurity. In doing so, they will be able to work proactively towards a more robust organisation with the mindset and infrastructure needed to mitigate risk.”

Main image at top: Rob McConnell, Global Solutions director, Expleo Group

  • Bank of Ireland is welcoming new customers every day – funding investments, working capital and expansions across multiple sectors. To learn more, click here

  • Listen to the ThinkBusiness Podcast for business insights and inspiration. All episodes are here. You can also listen to the Podcast on:

  • Apple

  • Spotify

  • SoundCloud

ThinkBusiness
ThinkBusiness.ie, powered by Bank of Ireland, has been created for Irish business owners and managers who are seeking information, resources and help on a range of business topics. It provides practical, actionable information and guidance on starting, growing and running a business.

Recommended