Irish firms more likely to pay cyber ransom than European neighbours

16 Oct 2023

Image: © Only Fabrizio/Stock.adobe.com

Only a third of Irish businesses reported recovering all data after paying a ransom, while 31pc said the attackers asked for more money after payment.

Nearly three in four Irish businesses have fallen prey to at least one cyberattack in the past 12 months, latest data from Hiscox shows.

According to the Hiscox Cyber Readiness Report published yesterday (15 October), 71pc of Irish businesses claim to have been victim to a cyberattack over the past year, which is a 22-point increase over last year’s figure of 49pc.

Furthermore, the report found that Ireland has the highest median average number of attacks (20) of all countries studied, four times higher than last year. The global percentage of companies suffering at least one cyberattack stands at 53pc.

Ireland is also the country most likely to pay a ransom at 77pc, a position it has retained from the previous Hiscox report. Phishing has overtaken unpatched servers as the most likely entry point for cyberattacks.

While Irish businesses paid ransoms to recover data or prevent the publication of sensitive data, only a third of them reported recovering all data after paying ransom. 31pc reported that the culprits asked for more money after the ransom was paid.

Despite the high incidence of breaches, the cost of all cyberattacks in Ireland is relatively low, with just about half of the Irish companies surveyed in the report saying their annual bill was less than €10,000 – an improvement on the 35pc last year who said they paid lower than this.

Mean and median averages of cost have also dropped significantly in Ireland, with median cost of attacks standing at €8,860 compared with the €15,103 last year.

Interestingly, the largest single cyberattack in Ireland cost €118,128, compared to €5.2m in 2022.

The Hiscox report noted that Ireland has the highest rate of cyber insurance ownership among all the countries surveyed, which includes the UK, Belgium, France, Germany, Spain, the Netherlands and the US.

IT spending has increased from a median of €468,280 to €890,560, but cyber-specific spend has increased by just one-point, from 22pc to 23pc.

Simon Sheahan, senior cyber claims underwriter at Hiscox Ireland, said that the number of attacks on business increasing for “the third year in a row” illustrates how cyber must now be viewed as a “standard business risk”.

“Preparing for the worst is welcome, but trying to stay ahead of the threats is equally important, and we see that hackers are constantly changing how they work in an effort to identify new vulnerabilities, as we can see from the rise of phishing emails as the main entry point,” he said.

“It is a positive that the median costs for Irish businesses has dropped, but the significant increase in the number of businesses being attacked means we must all remain vigilant of the growing threats.”

An Aon survey published early this year found that nearly 20pc of Irish companies experienced a cyberattack last year with larger companies being more at risk.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com